Big-ip Access Policy Manager@11.6.3 Security Vulnerabilities and Issues — Big-ip Access Policy Manager@11.6.3 CVE List

Lucene search

F5Big-ip Access Policy Manager11.6.3

9 matches found

CVE•added 2019/07/03 6:15 p.m.•64 views

CVE-2019-6625

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.

6.1CVSS6AI score0.00351EPSS

CVE•added 2019/03/28 9:29 p.m.•59 views

CVE-2019-6608

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.

7.1CVSS5.7AI score0.00611EPSS

CVE•added 2019/03/28 9:29 p.m.•56 views

CVE-2019-6604

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.

6.8CVSS6.6AI score0.00647EPSS

CVE•added 2019/02/26 3:29 p.m.•54 views

CVE-2019-6595

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.

6.1CVSS6.1AI score0.00259EPSS

CVE•added 2019/03/28 9:29 p.m.•46 views

CVE-2019-6602

In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.

7.5CVSS7.5AI score0.0051EPSS

CVE•added 2019/03/28 9:29 p.m.•46 views

CVE-2019-6603

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

7.5CVSS7.4AI score0.00891EPSS

CVE•added 2019/03/13 10:29 p.m.•45 views

CVE-2019-6599

In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack...

6.1CVSS6AI score0.00294EPSS

CVE•added 2019/04/11 6:29 p.m.•36 views

CVE-2019-6610

On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.

9CVSS8.3AI score0.00417EPSS

CVE•added 2019/03/13 10:29 p.m.•35 views

CVE-2019-6596

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted.

7.5CVSS7.4AI score0.00778EPSS