Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2018-10-19 CVE-2018-15316 Unspecified vulnerability in F5 products
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
local
low complexity
f5
5.5
5.5
2018-10-19 CVE-2018-15315 Cross-site Scripting vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page.
network
low complexity
f5 CWE-79
6.1
6.1
2018-10-19 CVE-2018-15314 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.
network
low complexity
f5 CWE-79
6.1
6.1
2018-10-19 CVE-2018-15313 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.
network
low complexity
f5 CWE-79
6.1
6.1
2018-10-19 CVE-2018-15312 Cross-site Scripting vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.
network
low complexity
f5 CWE-79
6.1
6.1
2018-10-10 CVE-2018-15311 Unspecified vulnerability in F5 products
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event.
network
high complexity
f5
5.9
5.9
2018-10-08 CVE-2016-7475 Improper Input Validation vulnerability in F5 products
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
network
low complexity
f5 CWE-20
7.5
7.5
2018-09-13 CVE-2018-5549 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.
network
low complexity
f5 CWE-20
7.5
7.5
2018-09-13 CVE-2018-5548 Open Redirect vulnerability in F5 Big-Ip Access Policy Manager 11.6.1/11.6.2/11.6.3
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
network
low complexity
f5 CWE-601
6.1
6.1
2018-09-13 CVE-2018-5545 Improper Input Validation vulnerability in F5 Websafe Alert Server
On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload.
network
low complexity
f5 CWE-20
8.8
8.8