Big-ip Analytics@12.1.0 Security Vulnerabilities and Issues — Big-ip Analytics@12.1.0 CVE List

Lucene search

F5Big-ip Analytics12.1.0

16 matches found

CVE•added 2017/02/09 3:59 p.m.•117 views

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible...

7.5CVSS6.2AI score0.75435EPSS

CVE•added 2017/12/21 5:29 p.m.•57 views

CVE-2017-6140

On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of...

7.5CVSS7.5AI score0.00628EPSS

CVE•added 2017/10/20 3:29 p.m.•55 views

CVE-2017-6145

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that c...

7.5CVSS7AI score0.00365EPSS

CVE•added 2017/10/20 3:29 p.m.•55 views

CVE-2017-6165

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blade...

9.8CVSS9.4AI score0.01951EPSS

CVE•added 2017/03/27 3:59 p.m.•53 views

CVE-2016-7474

In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.

5.5CVSS5.7AI score0.00108EPSS

CVE•added 2017/01/03 9:59 p.m.•52 views

CVE-2016-5024

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

5.9CVSS5.7AI score0.01342EPSS

CVE•added 2017/06/09 3:29 p.m.•52 views

CVE-2016-7469

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an auth...

5.4CVSS5.1AI score0.00269EPSS

CVE•added 2017/05/10 2:29 p.m.•51 views

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

7.5CVSS7.5AI score0.00608EPSS

CVE•added 2017/03/27 6:59 p.m.•51 views

CVE-2016-9252

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.

7.5CVSS7.4AI score0.01195EPSS

CVE•added 2017/05/09 3:29 p.m.•50 views

CVE-2017-6137

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption...

5.9CVSS5.7AI score0.00702EPSS

CVE•added 2017/05/09 3:29 p.m.•46 views

CVE-2016-9251

In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.

8.8CVSS8.5AI score0.00454EPSS

CVE•added 2017/01/10 4:59 p.m.•45 views

CVE-2016-9247

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.

5.9CVSS5.7AI score0.00765EPSS

CVE•added 2017/01/31 3:59 p.m.•45 views

CVE-2016-9249

An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

7.8CVSS7.4AI score0.00772EPSS

CVE•added 2017/03/07 9:59 p.m.•42 views

CVE-2016-9245

In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRu...

5.9CVSS5.8AI score0.00655EPSS

CVE•added 2017/05/09 3:29 p.m.•40 views

CVE-2016-9256

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal u...

7.5CVSS7.3AI score0.00227EPSS

CVE•added 2017/05/09 3:29 p.m.•38 views

CVE-2016-9253

In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.

7.5CVSS7.4AI score0.00778EPSS