207 matches found
CVE-2020-5904
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page...
CVE-2020-5904
CVE-2020-5904 affects F5 BIG-IP TMUI (Configuration utility). A CSRF flaw in TMUI exists on undisclosed pages, enabling an authenticated administrator session to run TMOS Shell commands. Affected versions: BIG-IP 12.1.0–12.1.5.1; 13.1.0–13.1.3.3; 14.1.0–14.1.2.5; 15.0.0–15.1.0.3. Remediation per ...
PT-2020-5461
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.5.1; F5 BIG-IP versions 12.1.0 through 12.1.5.1; F5 BIG-IP versions 13.1.0 through 13.1.3.3; F5 BIG-IP versions 14.1.0 through 14.1.2.5; F5 BIG-IP versions 15.0.0 through 15.1.0.3. Description: The Traffic...
F5 Networks BIG-IP : TMUI vulnerability (K07051153)
In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. (CVE-2020-5905) Impact: Authenticated administrative users with access to this page in the Configuration utility may inject code onto the WCCP pages, resulting in a a...
CVE-2020-5902
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages...
F5 Networks BIG-IP : TMUI RCE vulnerability (K52145254)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 13.1.3.4 / 14.1.2.6 / 15.0.1.4 / 15.1.0.4 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K52145254 advisory. - In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5,...
F5 Networks BIG-IP : TMUI CSRF vulnerability (K31301245)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.2 / 13.1.3.4 / 14.1.2.6 / 15.0.1.4 / 15.1.0.4 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K31301245 advisory. A cross-site request forgery (CSRF) vulnerability in the Traffic Managemen...
CVE-2020-5902
CVE-2020-5902 is an unauthenticated RCE in F5 BIG-IP TMUI (Traffic Management User Interface). The root cause is a path traversal/authentication bypass flaw in TMUI that allows remote attackers to trigger arbitrary code execution on vulnerable BIG-IP devices. Affected versions include multiple 11...
F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K22441651)
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. (CVE-2019-6657) Impact: An attacker may exploit this vulnerability using a crafted URL to a reflected cross-site...
CVE-2019-6657
On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility...
Cross site scripting
On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility...
CVE-2019-6657
CVE-2019-6657 affects F5 BIG-IP TMUI (Configuration utility). A reflected XSS exists in an undisclosed TMUI page for BIG-IP versions 11.5.2–11.6.5.1, 12.1.0–12.1.5, and 13.1.0–13.1.3.1. The root cause is insufficient input validation on TMUI pages, enabling a crafted URL to execute script in a vi...
CVE-2019-6657
On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility...
CVE-2019-6639
CVE-2019-6639 affects BIG-IP AFM/PEM TMUI Subscriber Management pages. A stored XSS in undisclosed TMUI pages is exploitable by an authenticated Resource Administrator, potentially allowing execution of system commands with Administrator privileges (bash disabled in Appliance mode, but command ex...
CVE-2019-6639
On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not...
CVE-2019-6626
On BIG-IP AFM, Analytics, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility...
Cross site scripting
On BIG-IP AFM, Analytics, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility...
Cross site scripting
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility...
CVE-2019-6634
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in the restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any...
CVE-2019-6625
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility...