Big-ip Access Policy Manager@13.0.0 Security Vulnerabilities and Issues — Big-ip Access Policy Manager@13.0.0 CVE List

Lucene search

F5Big-ip Access Policy Manager13.0.0

16 matches found

CVE•added 2017/05/09 3:29 p.m.•58 views

CVE-2017-0302

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

5.3CVSS5.1AI score0.00314EPSS

CVE•added 2017/10/27 2:29 p.m.•58 views

CVE-2017-0303

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentiall...

7.5CVSS7.4AI score0.02438EPSS

CVE•added 2017/12/21 5:29 p.m.•56 views

CVE-2017-6167

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

8.5CVSS7.5AI score0.00312EPSS

CVE•added 2017/10/20 3:29 p.m.•55 views

CVE-2017-6145

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that c...

7.5CVSS7AI score0.00365EPSS

CVE•added 2017/12/21 5:29 p.m.•53 views

CVE-2017-6138

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of setting...

7.5CVSS7.3AI score0.00662EPSS

CVE•added 2017/05/23 3:29 p.m.•52 views

CVE-2017-6131

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at de...

9.8CVSS9.4AI score0.00775EPSS

CVE•added 2017/12/21 5:29 p.m.•52 views

CVE-2017-6133

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.

7.8CVSS7.4AI score0.00647EPSS

CVE•added 2017/12/21 5:29 p.m.•50 views

CVE-2017-6136

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a...

5.9CVSS5.6AI score0.00566EPSS

CVE•added 2017/12/21 5:29 p.m.•50 views

CVE-2017-6151

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.

7.8CVSS7.4AI score0.00492EPSS

CVE•added 2017/12/21 5:29 p.m.•49 views

CVE-2017-6132

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may c...

7.5CVSS7.6AI score0.02162EPSS

CVE•added 2017/12/21 5:29 p.m.•46 views

CVE-2017-6139

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

5.9CVSS5.6AI score0.00432EPSS

CVE•added 2017/09/18 5:29 p.m.•46 views

CVE-2017-6147

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigne...

5.9CVSS5.6AI score0.00675EPSS

CVE•added 2017/12/21 5:29 p.m.•46 views

CVE-2017-6164

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malfo...

8.1CVSS8.1AI score0.02462EPSS

CVE•added 2017/12/21 5:29 p.m.•44 views

CVE-2017-6135

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.

7.8CVSS7.5AI score0.0052EPSS

CVE•added 2017/12/21 5:29 p.m.•43 views

CVE-2017-6129

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail o...

7.8CVSS7.4AI score0.00492EPSS

CVE•added 2017/12/21 5:29 p.m.•41 views

CVE-2017-6134

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.

6.5CVSS6.4AI score0.0141EPSS