CVSS: 8.3EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22978
https://notcve.org/view.php?id=CVE-2021-22978
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1, versiones 15.1.x anteriores a 15.1.1, versiones 14... • https://support.f5.com/csp/article/K87502622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2021-22979
https://notcve.org/view.php?id=CVE-2021-22979
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.... • https://support.f5.com/csp/article/K63497634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2021-22974
https://notcve.org/view.php?id=CVE-2021-22974
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP ve... • https://support.f5.com/csp/article/K68652018 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2021-22975
https://notcve.org/view.php?id=CVE-2021-22975
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1 y versiones 14.1.x anteriores a 14.1.3.1, en algunas circunstancias, Traffic Management Microkern... • https://support.f5.com/csp/article/K21971977 •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0CVE-2020-27719
https://notcve.org/view.php?id=CVE-2020-27719
24 Dec 2020 — On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. En BIG-IP versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.5 y 14.1.0-14.1.3, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en una página no revelada de la utilidad BIG-IP Configuration • https://support.f5.com/csp/article/K19166530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2020-5947
https://notcve.org/view.php?id=CVE-2020-5947
19 Nov 2020 — In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). En versiones 16.0.0-16.0.0.1 y 15.1.0-15.1.1, en plataformas BIG-IP específicas, unos ... • https://support.f5.com/csp/article/K64571774 •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2020-5939
https://notcve.org/view.php?id=CVE-2020-5939
05 Nov 2020 — In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. En las versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6 y 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE... • https://support.f5.com/csp/article/K75111593 •
CVSS: 9.3EPSS: 0%CPEs: 70EXPL: 0CVE-2020-5922
https://notcve.org/view.php?id=CVE-2020-5922
26 Aug 2020 — In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. En BIG-IP versiones 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1 y 11.6.1-11.6.5.2, iControl REST no implementa protecciones de Cross Site Request Forgery para unos usuarios que usan la autenticación básica en un navegador web • https://support.f5.com/csp/article/K20606443 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 84EXPL: 0CVE-2020-5912
https://notcve.org/view.php?id=CVE-2020-5912
26 Aug 2020 — In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. En BIG-IP versiones 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1 y 11.6.1- 11.6.5.1, el comando de volcado del proceso restjavad no sigue las mejores prácticas de codificación actuales y puede sobrescribir archivos arbitrarios • https://support.f5.com/csp/article/K12936322 •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-5916
https://notcve.org/view.php?id=CVE-2020-5916
26 Aug 2020 — In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. En BIG-IP versiones 15.1.0-15.1.0.4 y 15.0.0-15.0.1.3, el rol de usuario Certificate Administrator y roles mas privilegiados pueden llevar a cabo lecturas de archivos arbitrarias fuera del directorio root web • https://support.f5.com/csp/article/K29923912 • CWE-269: Improper Privilege Management •