K29280193: BIG-IP Configuration utility vulnerability CVE-2019-6597

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2019-6597 Impact BIG-IP and Enterprise Manager This...

CVE-2022-23031

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...

F5 BIG-IP cross-site scripting vulnerability (CNVD-2021-29555)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripti...

The vulnerability of the Advanced WAF/ASM TMUI application protection component of BIG-IP allows attackers to execute arbitrary commands, modify, or delete files.

The vulnerability of the Advanced WAF/ASM TMUI application protection component in BIG-IP is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands, modify or delete files remotely...

The vulnerability of the TMUI interface of the access control and remote authentication management tool BIG-IP Access Policy Manager, the BIG-IP Advanced Firewall Manager network interface, BIG-IP Advanced Web Application Firewall, the BIG-IP Application Acceleration Manager application delivery tools, the BIG-IP Application Security Manager application protection tools, the BIG-IP DDos Hybrid Defender DDoS attack protection tools, the BIG-IP DNS server, the BIG-IP Fraud Protection Service module, the BIG-IP Link Controller internet traffic balancing system, the BIG-IP Local Traffic Manager local traffic balancing system, the BIG-IP Policy Enforcement Manager network traffic control and management system, the SSL decryption and SSL encrypted traffic redirection tool SSL Orchestrator, allowing a perpetrator to execute arbitrary code.

The vulnerability of the TMUI interface of the BIG-IP Access Policy Manager, the BIG-IP Advanced Firewall Manager’s network interface, the BIG-IP Application Acceleration Manager’s application delivery components, the BIG-IP Application Security Manager’s application protection components, the...

CVE-2018-5511

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced...