CVSS: 7.5EPSS: 2%CPEs: 56EXPL: 0CVE-2016-5023
https://notcve.org/view.php?id=CVE-2016-5023
26 Aug 2016 — Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. Servidores virtuales en sistemas F5 BIG-IP 11.2.1 HF11 hasta la versión HF15, 11.4.1 HF4 hasta la versión HF10, 11.5.3 hasta la versión 11.5.4, 11.6.0 HF5 hasta la versión HF7 y 12.0.0, cuando se configura c... • http://www.securityfocus.com/bid/92670 • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 118EXPL: 0CVE-2015-8022
https://notcve.org/view.php?id=CVE-2015-8022
19 Aug 2016 — The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.... • http://www.securitytracker.com/id/1036627 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2016-5736
https://notcve.org/view.php?id=CVE-2016-5736
19 Aug 2016 — The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before ... • http://www.securitytracker.com/id/1036618 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 1%CPEs: 140EXPL: 0CVE-2016-5020
https://notcve.org/view.php?id=CVE-2016-5020
30 Jun 2016 — F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. F5 BIG-IP en versiones anteriores a 12.0.0 HF3 permite a usuarios remotos autenticados modificar la configuración de cuenta de usuarios con el rol Resource Administration y obtener privilegios a través de una secuencia de comandos de monitor Extended Application Verifi... • http://www.securityfocus.com/bid/91532 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 73EXPL: 0CVE-2016-5021
https://notcve.org/view.php?id=CVE-2016-5021
24 Jun 2016 — The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive inform... • http://www.securitytracker.com/id/1036172 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3687
https://notcve.org/view.php?id=CVE-2016-3687
16 Jun 2016 — Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter. Vulnerabilidad de redirección abierta en F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x y 11.6.x en versiones anteriores a 11.6.0 HF6 y Edge Gateway 11.2.1, cuando utiliza multidominio de sesión único (S... • http://www.securitytracker.com/id/1036111 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2016-4545
https://notcve.org/view.php?id=CVE-2016-4545
07 Jun 2016 — Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. Servidores virtuales en F5 BIG-IP 11.5.4, cuando perfiles SSL están habilitados, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y reinicio de Traffic Management Microkernel) a través de una alerta SSL durante el apretón de manos. • http://www.securitytracker.com/id/1036025 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 1%CPEs: 120EXPL: 0CVE-2015-8099
https://notcve.org/view.php?id=CVE-2015-8099
13 May 2016 — F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10... • http://www.securitytracker.com/id/1035873 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 106EXPL: 0CVE-2016-2084
https://notcve.org/view.php?id=CVE-2016-2084
13 Apr 2016 — F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 1... • http://www.securitytracker.com/id/1035520 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2016-3686
https://notcve.org/view.php?id=CVE-2016-3686
13 Apr 2016 — The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. La característica Single Sign-On (SSO) en F5 BIG-IP APM 11.x en versiones anteriores a 11.6.0 HF6 y BIG-IP Edge Gateway 11.0.0 hasta la versión 11.3.0 podría permitir a atacantes remotos obtener información SessionId sensible aprovechando el acceso a la cabe... • http://www.securitytracker.com/id/1035519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •