Big-ip Fraud Protection Service Security Vulnerabilities and Issues — Big-ip Fraud Protection Service CVE List

Lucene search

F5Big-ip Fraud Protection Service

7 matches found

CVE•added 2020/11/19 1:15 a.m.•72 views

CVE-2020-5947

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 ...

4.3CVSS4.4AI score0.00185EPSS

CVE•added 2020/11/05 8:15 p.m.•50 views

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

8.5CVSS8.2AI score0.00454EPSS

CVE•added 2020/11/05 8:15 p.m.•47 views

CVE-2020-5941

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command...

7.5CVSS7.5AI score0.00647EPSS

CVE•added 2020/11/05 8:15 p.m.•45 views

CVE-2020-5946

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-...

7.5CVSS7.4AI score0.00647EPSS

CVE•added 2020/11/05 8:15 p.m.•44 views

CVE-2020-5939

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave th...

7.5CVSS7.4AI score0.00647EPSS

CVE•added 2020/11/05 8:15 p.m.•41 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

6.5CVSS6.4AI score0.00154EPSS

CVE•added 2020/11/05 8:15 p.m.•36 views

CVE-2020-5940

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

5.4CVSS5.2AI score0.0028EPSS