CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5944
https://notcve.org/view.php?id=CVE-2020-5944
05 Nov 2020 — In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944 will continue to be referenced in F5 Security Advisory K57274211 and will not be assigned to other F5 vulnerabilities. En BIG-IQ versión 7.1.0, el acceso a los eventos de DoS Summary y las páginas de DNS Overview e... • https://support.f5.com/csp/article/K57274211 •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2020-5943
https://notcve.org/view.php?id=CVE-2020-5943
05 Nov 2020 — In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. En las versiones 14.1.0-14.1.0.1 y 14.1.2.5-14.1.2.7, cuando un objeto de BIG-IP es creado o listado por medio de la interfaz REST, los campos protegidos están ofuscados en la respuesta de REST, no se protegen por m... • https://support.f5.com/csp/article/K20059815 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.5EPSS: 0%CPEs: 33EXPL: 0CVE-2020-5945
https://notcve.org/view.php?id=CVE-2020-5945
05 Nov 2020 — In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. En BIG-IP versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.5 y 14.1.0-14.1.2.7, la página TMUI no revelada contiene una vulnerabilidad de tipo cross site scripting almacenado. El problema permite una escalada de privilegios menor para un administrador de recursos esc... • https://support.f5.com/csp/article/K21540525 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2020-5940
https://notcve.org/view.php?id=CVE-2020-5940
05 Nov 2020 — In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. En las versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.5 y 14.1.0-14.1.2.3, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en una página no revelada de BIG-IP Traffic Management User Interface (TMUI), también se conoce como la utilidad BI... • https://support.f5.com/csp/article/K43310520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-5941
https://notcve.org/view.php?id=CVE-2020-5941
05 Nov 2020 — On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command. En BIG-IP versiones 16.0.0-16.0.0.1 y 15.1.0-15.1.0.5, usando el comando RESOLV::lookup dentro de una iRule puede causar que Traffic Management Microkernel (TMM) genere un archivo central y se reinicie. Est... • https://support.f5.com/csp/article/K03125360 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5942
https://notcve.org/view.php?id=CVE-2020-5942
05 Nov 2020 — In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. En BIG-IP PEM versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2 y 11.6.1 -11.6.5.2, cuando se procesan paquetes Capabi... • https://support.f5.com/csp/article/K82530456 •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2020-5939
https://notcve.org/view.php?id=CVE-2020-5939
05 Nov 2020 — In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. En las versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6 y 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE... • https://support.f5.com/csp/article/K75111593 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5936
https://notcve.org/view.php?id=CVE-2020-5936
29 Oct 2020 — On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. En BIG-IP LTM versiones 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4 y 12.1.0-12.1.5.1, el proceso de Traffic Management Microkernel (TMM) puede consumir recursos excesivos cuando se procesa el tráfico SSL y la autenticación del cliente están habi... • https://support.f5.com/csp/article/K44020030 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5934
https://notcve.org/view.php?id=CVE-2020-5934
29 Oct 2020 — On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. En BIG-IP APM versiones 15.1.0-15.1.0.5, 14.1.0-14.1.2.3 y 13.1.0-13.1.3.3, cuando pasan múltiples peticiones HTTP del mismo cliente hacia SAML Single Logout (SLO) URL configurada son pasadas a través de una conexión TCP Keep-Alive, el tráfico a TMM puede ser interrump... • https://support.f5.com/csp/article/K44808538 •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2020-5931
https://notcve.org/view.php?id=CVE-2020-5931
29 Oct 2020 — On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart. En BIG-IP versiones 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2 y 11.6.1-11.6.5.2, servidores virtuales con OneConnect puede manejar incorrectamente los encabezados de respuesta HTTP relacionados con WebSockets, causando que TMM se reinicie • https://support.f5.com/csp/article/K25400442 •