CVSS: 4.9EPSS: 0%CPEs: 136EXPL: 0CVE-2016-1497
https://notcve.org/view.php?id=CVE-2016-1497
26 Aug 2016 — The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors. La utilidad Configuration en sistemas F5 BIG-IP 11.0.x, 11.1.x, 11.2.x en versiones anteriores a11.2.1 HF16, 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4 HF2, 1.6.x en... • http://www.securityfocus.com/bid/92671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 56EXPL: 0CVE-2016-5023
https://notcve.org/view.php?id=CVE-2016-5023
26 Aug 2016 — Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. Servidores virtuales en sistemas F5 BIG-IP 11.2.1 HF11 hasta la versión HF15, 11.4.1 HF4 hasta la versión HF10, 11.5.3 hasta la versión 11.5.4, 11.6.0 HF5 hasta la versión HF7 y 12.0.0, cuando se configura c... • http://www.securityfocus.com/bid/92670 • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 118EXPL: 0CVE-2015-8022
https://notcve.org/view.php?id=CVE-2015-8022
19 Aug 2016 — The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.... • http://www.securitytracker.com/id/1036627 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2016-5736
https://notcve.org/view.php?id=CVE-2016-5736
19 Aug 2016 — The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before ... • http://www.securitytracker.com/id/1036618 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 1%CPEs: 140EXPL: 0CVE-2016-5020
https://notcve.org/view.php?id=CVE-2016-5020
30 Jun 2016 — F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. F5 BIG-IP en versiones anteriores a 12.0.0 HF3 permite a usuarios remotos autenticados modificar la configuración de cuenta de usuarios con el rol Resource Administration y obtener privilegios a través de una secuencia de comandos de monitor Extended Application Verifi... • http://www.securityfocus.com/bid/91532 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3687
https://notcve.org/view.php?id=CVE-2016-3687
16 Jun 2016 — Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter. Vulnerabilidad de redirección abierta en F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x y 11.6.x en versiones anteriores a 11.6.0 HF6 y Edge Gateway 11.2.1, cuando utiliza multidominio de sesión único (S... • http://www.securitytracker.com/id/1036111 •
CVSS: 5.9EPSS: 1%CPEs: 120EXPL: 0CVE-2015-8099
https://notcve.org/view.php?id=CVE-2015-8099
13 May 2016 — F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10... • http://www.securitytracker.com/id/1035873 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 106EXPL: 0CVE-2016-2084
https://notcve.org/view.php?id=CVE-2016-2084
13 Apr 2016 — F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 1... • http://www.securitytracker.com/id/1035520 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2016-3686
https://notcve.org/view.php?id=CVE-2016-3686
13 Apr 2016 — The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. La característica Single Sign-On (SSO) en F5 BIG-IP APM 11.x en versiones anteriores a 11.6.0 HF6 y BIG-IP Edge Gateway 11.0.0 hasta la versión 11.3.0 podría permitir a atacantes remotos obtener información SessionId sensible aprovechando el acceso a la cabe... • http://www.securitytracker.com/id/1035519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0CVE-2015-8021
https://notcve.org/view.php?id=CVE-2015-8021
12 Apr 2016 — Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php. Vulnerabilidad de lista negr... • http://www.securityfocus.com/bid/82340 • CWE-284: Improper Access Control •