Vulnerabilities > F5 > SSL Orchestrator > 13.1.3.4

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-22987 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
critical
 9.0
9.0
2021-03-31 CVE-2021-22988 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
critical
 9.0
9.0
2021-03-31 CVE-2021-22986 Server-Side Request Forgery (SSRF) vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability.
network
low complexity
f5 CWE-918
critical
 10.0
10
2020-10-29 CVE-2020-5938 Inadequate Encryption Strength vulnerability in F5 products
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.
network
low complexity
f5 CWE-326
4.0
4.0
2020-08-26 CVE-2020-5922 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.
network
f5 CWE-352
critical
 9.3
9.3
2020-08-26 CVE-2020-5912 Improper Input Validation vulnerability in F5 products
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.
local
low complexity
f5 CWE-20
3.6
3.6