CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6591
https://notcve.org/view.php?id=CVE-2019-6591
05 Feb 2019 — On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. En BIG-IP APM, desde la versión 14.0.0 hasta la 14.0.0.4, desde la 13.0.0 hasta la 13.1.1.3 y desde la 12.1.0 hasta la 12.1.3.7, existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la página de recursos de información para usuarios autenticad... • https://support.f5.com/csp/article/K32840424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-15333
https://notcve.org/view.php?id=CVE-2018-15333
28 Dec 2018 — On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. En versiones 11.2.1. y posteriores, el acceso a los archivos de instantánea sin restricciones permite que un usuario del sistema BIG-IP con cualquier rol, incluyendo Guest, tenga acceso y descargue archivos de captura previamente generad... • http://www.securityfocus.com/bid/106380 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-15334
https://notcve.org/view.php?id=CVE-2018-15334
28 Dec 2018 — A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. Una vulnerabilidad Cross-Site Request Forgery (CSRF) en APM webtop, en versiones 11.2.1 o posteriores, podría permitir que un atacante fuerce una sesión de APM webtop a que cierre la sesión y requiera reautenticarse. • http://www.securityfocus.com/bid/106364 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15335
https://notcve.org/view.php?id=CVE-2018-15335
28 Dec 2018 — When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response Cuando APM 13.0.0-13.1.x se despliega como OAuth Resource Server, APM se convierte en una aplicación de cliente en un servidor de autorización externo de OAuth. En ciertos casos en los que la comunicación... • http://www.securityfocus.com/bid/106355 •
CVSS: 7.2EPSS: 0%CPEs: 40EXPL: 0CVE-2018-15329
https://notcve.org/view.php?id=CVE-2018-15329
20 Dec 2018 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, o 12.1.0-12.1.3.7; o Enterprise Manager 3.1.1, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), tam... • https://support.f5.com/csp/article/K61620494 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2018-15330
https://notcve.org/view.php?id=CVE-2018-15330
20 Dec 2018 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, o 12.1.0-12.1.3.7, cuando un servidor virtual que emplea la funcionalidad "inflate" procesa una bomba gzip como carga útil, el sistema BIG-IP experimentará un error fatal y podría provoc... • https://support.f5.com/csp/article/K23328310 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 57EXPL: 0CVE-2018-15328
https://notcve.org/view.php?id=CVE-2018-15328
12 Dec 2018 — On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. En BIG-IP 14.0.x, 13.x, 12.x y 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x y 4.x, e iWorkflow 2.x, las frases de contraseña para los usuarios SNMPv3 y destinos de captura q... • http://www.securityfocus.com/bid/106258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2018-15332
https://notcve.org/view.php?id=CVE-2018-15332
06 Dec 2018 — The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. El componente svpn del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7.2 para Linux y macOS se ejecuta como proceso privilegiado y puede permitir que un usuario sin privilegios obtenga archivos propiedad de root en el host del cliente local en una condición de ... • http://www.securityfocus.com/bid/106135 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-15317
https://notcve.org/view.php?id=CVE-2018-15317
31 Oct 2018 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. En BIG-IP versión 14.0.0 hasta 4.0.0.2, versión 13.0.0 hasta 13.1.1.5, versión 12.1.0 hasta 12.1.4.1 y versión 11.2.1 hasta 1... • https://support.f5.com/csp/article/K43625118 •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2018-15318
https://notcve.org/view.php?id=CVE-2018-15318
31 Oct 2018 — In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. En BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1 o 12.1.3.4-12.1.3.6, si una conexión MPTCP recibe una señal de aborto mientras el flujo inicial no es el primario, el flujo inicial se mantendrá una vez se comple... • https://support.f5.com/csp/article/K16248201 • CWE-20: Improper Input Validation •