CVE-2019-6625

CVE-2019-6625 is a reflected XSS in BIG-IP TMUI (Configuration utility). The vulnerability exists on multiple BIG-IP versions (11.5.1–11.6.4, 12.1.0–12.1.4, 13.0.0–13.1.1.4, 14.0.0–14.0.0.4, 14.1.0–14.1.0.5) and is triggered by visiting a specially crafted URL, allowing execution of JavaScript in...

CVE-2019-6626

On BIG-IP AFM, Analytics, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the Configuration utility...

CVE-2019-6626

CVE-2019-6626 is a reflected cross-site scripting (XSS) flaw affecting BIG-IP TMUI (Configuration utility) on multiple editions: 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4. The issue exists on an undisclosed TMUI page and can allow an attacker to execute...

F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K79902360)

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI also known as the BIG-IP Configuration utility. CVE-2019-6625 Impact To perform the attack, a user must visit a specially crafted URL that includes the specific...

F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K00432398)

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2019-6626 Impact If a targeted administrative user accesses the Configuration utility for one of the affected...

F5 Networks BIG-IP : BIG-IP AFM and PEM TMUI XSS vulnerability (K61002104)

Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. CVE-2019-6639 Impact A...

F5 Networks BIG-IP : F5 TMUI and iControl Rest vulnerability (K64855220)

High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.CVE-2019-6634 Note: The No Access user role istechnicallya role, but a user...

CVE-2019-6598

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack...

Code injection

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack...

CVE-2019-6598

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack...

Command injection

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may...

CVE-2019-6598

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack...

CVE-2019-6598

The connected advisory details CVE-2019-6598 affecting BIG-IP TMUI/Configuration utility. Vulnerable in BIG-IP 14.0.0 (to 14.0.0.2), 13.x (to 13.1.0.7/13.1.0.8), 12.1.x (to 12.1.3.5/12.1.3.6), 11.x (to 11.6.3.2/11.5.8), and Enterprise Manager 3.1.1. Attack requires an authenticated user with any ...

CVE-2019-6597

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may...

CVE-2019-6597

CVE-2019-6597 (BIG-IP TMUI): Affects BIG-IP versions 13.0.0–13.1.1.1, 12.1.0–12.1.3.7, 11.6.1–11.6.3.2, 11.5.1–11.5.8, and Enterprise Manager 3.1.1. The vulnerability arises because restrictions on commands that can be executed via the Traffic Management User Interface (TMUI) may not be enforced ...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K29280193)

When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2019-6597 Impact BIG-IP and Enterprise Manager This vulnerability allows a privilege...

Cross site scripting

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting XSS vulnerability is present in an undisclosed page of the BIG-IP TMUI Traffic Management User Interface also known as the BIG-IP configuration utility...

CVE-2019-6589

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting XSS vulnerability is present in an undisclosed page of the BIG-IP TMUI Traffic Management User Interface also known as the BIG-IP configuration utility...

CVE-2019-6589

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting XSS vulnerability is present in an undisclosed page of the BIG-IP TMUI Traffic Management User Interface also known as the BIG-IP configuration utility...

CVE-2019-6589

The CVE-2019-6589 vulnerability affects BIG-IP TMUI (Traffic Management User Interface) and is a reflected XSS in an undisclosed page. Exploitation requires a user to visit a crafted URL; on success, JavaScript can run in the context of the logged-in user, and for admins with bash access it can l...