CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2014-3959
https://notcve.org/view.php?id=CVE-2014-3959
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de XSS en list.jsp en la utilidad de configuración en F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM y Link Controller 11.2.1 hasta 11.5.1, AAM 11.4.0 hasta 11.5.1, PEM 11.3.0 hasta 11.5.1, PSM 11.2.1 hasta 11.4.1, WebAccelerator y WOM 11.2.1 hasta 11.3.0 y Enterprise Manager 3.0.0 hasta 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados. • http://secunia.com/advisories/58969 http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html http://www.securityfocus.com/bid/67771 http://www.securitytracker.com/id/1030319 http://www.securitytracker.com/id/1030320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 78%CPEs: 86EXPL: 2CVE-2014-2928 – F5 iControl - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-2928
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. La API iControl en F5 BIG-IP LTM, APM, ASM, GTM, Link Controller y PSM 10.0.0 hasta 10.2.4 y 11.0.0 hasta 11.5.1, BIG-IP AAM 11.4.0 hasta 11.5.1, BIG-IP AFM y PEM 11.3.0 hasta 11.5.1, BIG-IP Analytics 11.0.0 hasta 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 hasta 10.2.4 y 11.0.0 hasta 11.3.0, Enterprise Manager 2.1.0 hasta 2.3.0 y 3.0.0 hasta 3.1.1 y BIG-IQ Cloud, Device y Security 4.0.0 hasta 4.3.0 permite a administradores remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el elemento de nombre de anfitrión en una solicitud SOAP. F5 iControl systems suffer from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/34927 http://seclists.org/fulldisclosure/2014/May/32 http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html http://www.exploit-db.com/exploits/34927 http://www.osvdb.org/106728 •
CVSS: 4.4EPSS: 0%CPEs: 21EXPL: 0CVE-2013-6024
https://notcve.org/view.php?id=CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. Los componentes Edge Client en F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, y 14.x, BIG-IP Edge Gateway 10.x y 11.x y FirePass 7.0.0 permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. • http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html http://www.kb.cert.org/vuls/id/146430 http://www.securityfocus.com/bid/65422 https://support.f5.com/csp/article/K14969 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0CVE-2013-6016
https://notcve.org/view.php?id=CVE-2013-6016
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. The Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, y WOM 10.0.0 hasta la versión 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.4.1; y WebAccelerator 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.3.0 podría cambiar a una conexión TCP al estado ESTABLISHED antes de recibir el paquete ACK, lo que permite a atacantes remotos provocar una denegación de servicio (SIGFPE o error de aserción y reinicio TMM) a través de vectores no especificados. • http://secunia.com/advisories/55378 http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html http://www.securitytracker.com/id/1029220 https://exchange.xforce.ibmcloud.com/vulnerabilities/88166 • CWE-20: Improper Input Validation •