Vulnerabilities > F5 > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-5898 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland.
local
low complexity
f5
5.5
2020-04-30 CVE-2020-5892 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
local
low complexity
f5
6.7
2020-04-30 CVE-2020-5890 Information Exposure vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.
local
low complexity
f5 CWE-200
5.5
2020-04-30 CVE-2020-5889 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
network
low complexity
f5 CWE-79
5.4
2020-04-23 CVE-2020-5866 Information Exposure vulnerability in F5 Nginx Controller
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
local
low complexity
f5 CWE-200
5.5
2020-04-23 CVE-2020-5865 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
network
high complexity
f5 netapp CWE-319
4.8
2020-02-21 CVE-2013-3587 Information Exposure vulnerability in F5 products
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
network
high complexity
f5 CWE-200
5.9
2020-02-06 CVE-2020-5855 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
low complexity
f5
4.3
2020-02-06 CVE-2020-5854 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.
network
high complexity
f5
5.9
2020-01-14 CVE-2020-5853 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.
network
low complexity
f5 CWE-79
5.4