F5 Networks BIG-IP : TMUI vulnerability (K61620494)

When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-15329 Impact This vulnerability may allow non-administrative TMUI users to run...

Command injection

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforc...

CVE-2018-15329

The CVE-2018-15329 issue affects BIG-IP TMUI (Traffic Management User Interface) where restrictions on allowed commands may not be enforced when authenticated admins run commands. Affected versions include BIG-IP 14.0.0–14.0.0.2, 13.0.0–13.1.1.1, 12.1.0–12.1.3.7, and Enterprise Manager 3.1.1. Acc...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K20222812)

When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-15327 Impact BIG-IP and Enterprise Manager This vulnerability allowsa privilege...

F5 Networks BIG-IP : XSS vulnerability in undisclosed TMUI page (K21042153)

A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user.CVE-2018-15313 Impact BIG-IP A remote unauthenticated attacker could potentially exploit...

F5 Networks BIG-IP : XSS vulnerability in undisclosed TMUI page (K04524282)

A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15314 Impact BIG-IP A remote unauthenticated attacker could potentially exploit...

F5 Networks BIG-IP : TMUI vulnerability (K30500703)

When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-5511 Impact This vulnerability allowsa privilege escalation for authenticated...

CVE-2018-15327

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced...

Command injection

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced...

CVE-2018-15327

CVE-2018-15327 affects BIG-IP TMUI (Traffic Management UI) and Enterprise Manager. Authenticated administrative users can run commands without proper restrictions, enabling privilege escalation. Affected: BIG-IP 14.x (14.0.0–14.0.0.2) and 14.x 14.0.0.3 fix; 13.x (13.0.0–13.1.1.1) with fix in 13.1...

F5 BIG-IP AFM Cross-Site Scripting Vulnerability (CNVD-2019-01910)

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A cross-site scripting vulnerability exists in the TMUI page in F5 BIG-IP AFM versions 13.0.0 through 13.1.1.1 and 12.1.0 through 12.1.3.6, which can be exploited by a remote attacker to inject arbitrar...

CVE-2018-15314

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page...

CVE-2018-15313

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page...

CVE-2018-15314

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page...

CVE-2018-15313

The CVE-2018-15313 issue is a reflected Cross-Site Scripting vulnerability in the BIG-IP AFM TMUI page. Affected versions include BIG-IP AFM 13.0.0–13.1.1 and 12.1.0–12.1.3.6. Remediation per F5 advisory: upgrade to 13.1.1.2 (for 13.x) or 12.1.3.7 (for 12.x). Modeled products beyond these version...

CVE-2018-15313

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page...

CVE-2018-5523

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on...

Command injection

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on...

CVE-2018-5523

Summary of CVE-2018-5523 (F5 BIG-IP TMUI command restriction bypass) This issue affects BIG-IP TMUI (BIG-IP Configuration utility) on multiple versions, where authenticated administrative users can run commands without enforcement of restrictions. A privilege-escalation path exists for authentica...

CVE-2018-5511

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced...