K64855220: F5 TMUI and iControl Rest vulnerability CVE-2019-6634

Security Advisory Description High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. CVE-2019-6634 Note: The No Access user role is...

K42696541: F5 TMUI XSS vulnerability CVE-2020-5948

Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. CVE-2020-5948 Impact An attacker may exploit this vulnerability using a crafted URL t...

CVE-2020-5948 — F5 TMUI XSS vulnerability

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...