Big-ip Access Policy Manager Security Vulnerabilities and Issues — Big-ip Access Policy Manager CVE List

Lucene search

F5Big-ip Access Policy Manager

10 matches found

CVE•added 2017/05/01 3:59 p.m.•60 views

CVE-2017-6128

An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.

7.5CVSS7.3AI score0.00926EPSS

CVE•added 2017/05/09 3:29 p.m.•58 views

CVE-2017-0302

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

5.3CVSS5.1AI score0.00314EPSS

CVE•added 2017/05/11 4:29 p.m.•55 views

CVE-2016-7476

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers ma...

7.5CVSS7.3AI score0.01196EPSS

CVE•added 2017/05/23 3:29 p.m.•52 views

CVE-2017-6131

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at de...

9.8CVSS9.4AI score0.00775EPSS

CVE•added 2017/05/10 2:29 p.m.•51 views

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

7.5CVSS7.5AI score0.00608EPSS

CVE•added 2017/05/09 3:29 p.m.•50 views

CVE-2017-6137

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption...

5.9CVSS5.7AI score0.00702EPSS

CVE•added 2017/05/09 3:29 p.m.•46 views

CVE-2016-9251

In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.

8.8CVSS8.5AI score0.00454EPSS

CVE•added 2017/05/09 3:29 p.m.•40 views

CVE-2016-9256

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal u...

7.5CVSS7.3AI score0.00227EPSS

CVE•added 2017/05/09 3:29 p.m.•39 views

CVE-2016-9257

In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to ca...

6.1CVSS5.8AI score0.00295EPSS

CVE•added 2017/05/09 3:29 p.m.•38 views

CVE-2016-9253

In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.

7.5CVSS7.4AI score0.00778EPSS