Vulnerabilities > F5 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2019-6636 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. | 8.4 |
| 2019-07-03 | CVE-2019-6631 | Unspecified vulnerability in F5 products On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. | 7.5 |
| 2019-07-03 | CVE-2019-6630 | Unspecified vulnerability in F5 SSL Orchestrator 14.0.0/14.1.0/14.1.0.3 On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances. | 7.5 |
| 2019-07-03 | CVE-2019-6629 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. | 7.5 |
| 2019-07-03 | CVE-2019-6628 | Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier. | 7.5 |
| 2019-07-02 | CVE-2019-6623 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | 7.5 |
| 2019-07-02 | CVE-2019-6624 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS). | 7.5 |
| 2019-07-02 | CVE-2019-6622 | Command Injection vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. | 7.2 |
| 2019-07-02 | CVE-2019-6621 | OS Command Injection vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. | 7.2 |
| 2019-07-02 | CVE-2019-6620 | OS Command Injection vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. | 7.2 |