106 matches found
CVE-2021-23029
CVE-2021-23029 affects BIG-IP Advanced WAF and ASM TMUI. Insufficient permission checks may allow authenticated users with guest privileges to perform SSRF via the TMUI/ASM configuration utility. Affected versions include 16.0.x before 16.0.1.2; fixed in 16.0.1.2 and 16.1.0+ per F5 advisories. Re...
CVE-2021-23027
CVE-2021-23027 affects BIG-IP TMUI: a DOM-based XSS in an undisclosed page of the Configuration utility allows an attacker to run JavaScript in the context of the logged-in user. Affected versions are 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3. Fixed in 16.0.1.2, 1...
CVE-2021-23032
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel TMM to terminate. Note:...
Design/Logic Flaw
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol OCSP verification of a certificate that contains Authority Information Access AIA, undisclosed requests may cau...
F5 Networks BIG-IP : TMM vulnerability (K05043394)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K05043394 advisory. - On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server,...
CVE-2021-23013
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel TMM may stop responding when processing Stream Control Transmission Protocol SCTP traffic under certain conditions. This...