Big-ip Access Policy Manager Security Vulnerabilities and Issues — Big-ip Access Policy Manager CVE List

Lucene search

F5Big-ip Access Policy Manager

11 matches found

CVE•added 2020/12/11 7:15 p.m.•99 views

CVE-2020-5948

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admi...

9.6CVSS7.2AI score0.00822EPSS

CVE•added 2020/12/24 4:15 p.m.•68 views

CVE-2020-27727

On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem.

4.9CVSS4.8AI score0.00274EPSS

CVE•added 2020/12/24 4:15 p.m.•65 views

CVE-2020-27719

On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

6.1CVSS5.9AI score0.00466EPSS

CVE•added 2020/12/24 4:15 p.m.•64 views

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon.

7.8CVSS7.4AI score0.00611EPSS

CVE•added 2020/12/11 7:15 p.m.•63 views

CVE-2020-5949

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

7.5CVSS7.4AI score0.00647EPSS

CVE•added 2020/12/24 4:15 p.m.•58 views

CVE-2020-27716

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.

7.8CVSS7.5AI score0.00611EPSS

CVE•added 2020/12/24 4:15 p.m.•58 views

CVE-2020-27722

In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption.

6.5CVSS6.4AI score0.00304EPSS

CVE•added 2020/12/24 4:15 p.m.•55 views

CVE-2020-27726

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.

6.1CVSS5.9AI score0.00467EPSS

CVE•added 2020/12/24 4:15 p.m.•53 views

CVE-2020-27729

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.

6.1CVSS6.1AI score0.00218EPSS

CVE•added 2020/12/24 4:15 p.m.•50 views

CVE-2020-27723

In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process.

7.5CVSS7.4AI score0.00647EPSS

CVE•added 2020/12/24 3:15 p.m.•44 views

CVE-2020-27724

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over ...

6.5CVSS6.4AI score0.00305EPSS