F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K42526507)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K42526507 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...

F5 Networks BIG-IP : IP Intelligence Feed List TMUI vulnerability (K68151373)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.1 / 12.1.4.1 / 13.1.1.5 / 14.0.0.5 / 14.1.0.6 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K68151373 advisory. - On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,...

K29280193: BIG-IP Configuration utility vulnerability CVE-2019-6597

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2019-6597 Impact BIG-IP and Enterprise Manager This...

K92807525: TMUI XSS vulnerability CVE-2022-27878

Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-27878 Impact An authenticated attacker may exploit...

K43310520: BIG-IP TMUI vulnerability CVE-2020-5940

Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2020-5940 Impact An authenticated attacker may be able to store JavaScript, which i...

K79902360: BIG-IP TMUI XSS vulnerability CVE-2019-6625

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI also known as the BIG-IP Configuration utility. CVE-2019-6625 Impact To perform the attack, a user must visit a specially crafted URL...

K61643620: BIG-IP TMUI XSS vulnerability CVE-2021-23038

Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23038 Impact An authenticated attacker may exploit...

K07051153: TMUI vulnerability CVE-2020-5905

Security Advisory Description In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto t...

K64855220: F5 TMUI and iControl Rest vulnerability CVE-2019-6634

Security Advisory Description High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. CVE-2019-6634 Note: The No Access user role is...

K50974556: Overview of F5 vulnerabilities (August 2021)

Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639

Security Advisory Description Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...

K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947

Security Advisory Description A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface TMUI that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operatio...

K44603900: BIG-IP Configuration utility vulnerability CVE-2019-6598

Security Advisory Description Malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role other than the No Access role. The No Access user...

K25451853: TMUI XSS vulnerability CVE-2022-28716

Security Advisory Description A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28716 Impact An attacker ma...

K24301698: TMUI XSS vulnerability CVE-2021-23027

Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23027 Impact An attacker may exploit this...

K22441651: BIG-IP TMUI XSS vulnerability CVE-2019-6657

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2019-6657 Impact An attacker may exploit this vulnerability using a crafted URL ...

K52145254: TMUI RCE vulnerability CVE-2020-5902

Security Advisory Description The Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. CVE-2020-5902 Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with...

K61620494: TMUI vulnerability CVE-2018-15329

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-15329 Impact This vulnerability may allow...

K63163637: BIG-IP TMUI vulnerability CVE-2021-23043

Security Advisory Description A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. CVE-2021-23043 Impact An authenticated attacker may exploit this vulnerability by sending a crafted request to the...

K23566124: BIG-IP TMUI vulnerability CVE-2019-6589

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI also known as the BIG-IP Configuration utility. CVE-2019-6589 Impact To perform the attack, a user must visit a specially crafted URL...