CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6603
https://notcve.org/view.php?id=CVE-2019-6603
28 Mar 2019 — In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. En BP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3 y 13.0.0-13.0.1, los paquetes TCP mal formados enviados a una dirección IP propia o a un servidor virtual FastL4 podrían provocar una interrupción en... • http://www.securityfocus.com/bid/107625 •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-6602
https://notcve.org/view.php?id=CVE-2019-6602
28 Mar 2019 — In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. En BIG-IP, en sus versiones 11.5.1-11.5.8 y 11.6.1-11.6.3, la página de inicio de sesión "Configuration Utility" podría no cumplir con las mejores prácticas al gestionar una petición manipulada. • http://www.securityfocus.com/bid/107626 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6601
https://notcve.org/view.php?id=CVE-2019-6601
13 Mar 2019 — In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts. En BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, o 11.5.1-11.5.8, el proceso wamd de Application Acceleration Manager (AAM) empleado en el procesamiento de imágenes y PDF no renuncia a los permisos del grupo al ejecutar scripts helper. • http://www.securityfocus.com/bid/107444 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 0CVE-2019-6598
https://notcve.org/view.php?id=CVE-2019-6598
13 Mar 2019 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack. En BIG-IP, 14.0.0-14.0.0.2, 13.0.0-13.1.... • https://support.f5.com/csp/article/K44603900 •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6600
https://notcve.org/view.php?id=CVE-2019-6600
13 Mar 2019 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, o 11.5.1-11.5.8, cuando la autenticación remota está habilitada para usu... • http://www.securityfocus.com/bid/107470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 53EXPL: 0CVE-2019-6597
https://notcve.org/view.php?id=CVE-2019-6597
13 Mar 2019 — In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En BIG-IP, 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, o 11.5.1-11.5.8 o Enterprise Manager 3.1.1, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Ma... • https://support.f5.com/csp/article/K29280193 •
CVSS: 6.1EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6589
https://notcve.org/view.php?id=CVE-2019-6589
14 Feb 2019 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7 y 11.6.0-11.6.3.2, hay una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página sin revelar de BIG-IP TMUI (Traffic Management User Interface), también conocido como l... • https://support.f5.com/csp/article/K23566124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-15333
https://notcve.org/view.php?id=CVE-2018-15333
28 Dec 2018 — On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. En versiones 11.2.1. y posteriores, el acceso a los archivos de instantánea sin restricciones permite que un usuario del sistema BIG-IP con cualquier rol, incluyendo Guest, tenga acceso y descargue archivos de captura previamente generad... • http://www.securityfocus.com/bid/106380 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 57EXPL: 0CVE-2018-15328
https://notcve.org/view.php?id=CVE-2018-15328
12 Dec 2018 — On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. En BIG-IP 14.0.x, 13.x, 12.x y 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x y 4.x, e iWorkflow 2.x, las frases de contraseña para los usuarios SNMPv3 y destinos de captura q... • http://www.securityfocus.com/bid/106258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-15317
https://notcve.org/view.php?id=CVE-2018-15317
31 Oct 2018 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. En BIG-IP versión 14.0.0 hasta 4.0.0.2, versión 13.0.0 hasta 13.1.1.5, versión 12.1.0 hasta 12.1.4.1 y versión 11.2.1 hasta 1... • https://support.f5.com/csp/article/K43625118 •