Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-09 | CVE-2017-0302 | Range Error vulnerability in F5 Big-Ip Access Policy Manager In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. | 5.3 |
| 2017-05-09 | CVE-2016-9257 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | 6.1 |
| 2017-05-09 | CVE-2016-9256 | Race Condition vulnerability in F5 products In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. | 7.5 |
| 2017-05-09 | CVE-2016-9253 | Improper Input Validation vulnerability in F5 products In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | 7.5 |
| 2017-05-09 | CVE-2016-9251 | Permissions, Privileges, and Access Controls vulnerability in F5 products In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | 8.8 |
| 2017-05-01 | CVE-2017-6128 | Unspecified vulnerability in F5 products An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | 7.5 |
| 2017-04-11 | CVE-2016-7467 | Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | 5.3 |
| 2017-04-06 | CVE-2017-6130 | Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | 7.4 |
| 2017-04-06 | CVE-2017-0305 | Unspecified vulnerability in F5 SSL Intercept Iapp 1.5.0/1.5.7 F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic. | 9.8 |
| 2017-03-27 | CVE-2016-9252 | Data Processing Errors vulnerability in F5 products The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | 7.5 |