Lucene search

K
F5Big-ip Global Traffic Manager

406 matches found

CVE
CVE
added 2018/06/01 2:29 p.m.43 views

CVE-2018-5522

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.

5.9CVSS5.7AI score0.00675EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.43 views

CVE-2019-6666

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.43 views

CVE-2019-6669

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2020/04/30 8:15 p.m.43 views

CVE-2020-5871

On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exp...

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/04/30 8:15 p.m.43 views

CVE-2020-5872

On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event.

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2020/04/30 9:15 p.m.43 views

CVE-2020-5875

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.43 views

CVE-2020-5916

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

6.8CVSS6.6AI score0.001EPSS
CVE
CVE
added 2024/02/14 5:15 p.m.43 views

CVE-2024-24775

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00362EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.42 views

CVE-2014-9326

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 t...

4.3CVSS6.6AI score0.00218EPSS
CVE
CVE
added 2017/02/20 3:59 p.m.42 views

CVE-2016-6249

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.

5.3CVSS5.4AI score0.00063EPSS
CVE
CVE
added 2018/03/01 4:29 p.m.42 views

CVE-2018-5500

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.

5.9CVSS5.7AI score0.00675EPSS
CVE
CVE
added 2018/06/01 2:29 p.m.42 views

CVE-2018-5513

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted...

7.5CVSS7.3AI score0.00749EPSS
CVE
CVE
added 2019/03/28 9:29 p.m.42 views

CVE-2019-6605

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.

7.5CVSS7.4AI score0.00891EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.42 views

CVE-2019-6676

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2020/07/01 3:15 p.m.42 views

CVE-2020-5906

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

8.1CVSS7.8AI score0.00131EPSS
CVE
CVE
added 2020/10/29 2:15 p.m.42 views

CVE-2020-5938

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2016/04/11 2:59 p.m.41 views

CVE-2015-8240

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers...

7.5CVSS7.3AI score0.01195EPSS
CVE
CVE
added 2017/12/21 5:29 p.m.41 views

CVE-2017-6134

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.

6.5CVSS6.4AI score0.0141EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.41 views

CVE-2019-6670

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.

4.4CVSS4.8AI score0.00097EPSS
CVE
CVE
added 2020/01/14 5:15 p.m.41 views

CVE-2020-5852

Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific enginee...

7.5CVSS7.5AI score0.00896EPSS
CVE
CVE
added 2020/04/30 9:15 p.m.41 views

CVE-2020-5878

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/10/29 4:15 p.m.41 views

CVE-2020-5931

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.

7.5CVSS7.4AI score0.00891EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.41 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

6.5CVSS6.4AI score0.00154EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.41 views

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Softwa...

4.3CVSS4.7AI score0.00604EPSS
CVE
CVE
added 2024/02/14 5:15 p.m.41 views

CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

6.7CVSS7.4AI score0.00286EPSS
CVE
CVE
added 2018/03/01 4:29 p.m.40 views

CVE-2018-5501

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.

5.9CVSS5.7AI score0.00891EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.40 views

CVE-2020-5923

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.

5.4CVSS5.5AI score0.00073EPSS
CVE
CVE
added 2021/09/14 1:15 p.m.40 views

CVE-2021-23048

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traf...

7.5CVSS7.7AI score0.00891EPSS
CVE
CVE
added 2024/02/14 5:15 p.m.40 views

CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are...

7.5CVSS7.8AI score0.00203EPSS
CVE
CVE
added 2016/06/07 6:59 p.m.39 views

CVE-2016-4545

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake.

7.5CVSS7.3AI score0.01724EPSS
CVE
CVE
added 2018/04/13 1:29 p.m.39 views

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication b...

9.8CVSS9.6AI score0.00204EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.39 views

CVE-2019-6667

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.39 views

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

7.8CVSS7.8AI score0.00175EPSS
CVE
CVE
added 2020/04/30 9:15 p.m.39 views

CVE-2020-5882

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2020/10/29 4:15 p.m.39 views

CVE-2020-5933

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an ...

7.8CVSS7.5AI score0.00611EPSS
CVE
CVE
added 2020/10/29 4:15 p.m.39 views

CVE-2020-5935

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM m...

5.9CVSS5.7AI score0.00647EPSS
CVE
CVE
added 2018/03/22 6:29 p.m.38 views

CVE-2018-5504

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or ...

9.3CVSS8.4AI score0.03251EPSS
CVE
CVE
added 2018/04/13 1:29 p.m.38 views

CVE-2018-5507

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.

7.5CVSS7.5AI score0.00537EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.38 views

CVE-2018-5519

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allo...

5.5CVSS5.2AI score0.00197EPSS
CVE
CVE
added 2018/07/25 2:29 p.m.38 views

CVE-2018-5542

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.

8.1CVSS8.1AI score0.00837EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.38 views

CVE-2019-6671

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.

7.5CVSS7.4AI score0.00891EPSS
CVE
CVE
added 2020/04/30 9:15 p.m.38 views

CVE-2020-5877

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/07/01 3:15 p.m.38 views

CVE-2020-5907

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.

7.2CVSS7.1AI score0.00358EPSS
CVE
CVE
added 2015/09/18 2:59 p.m.37 views

CVE-2015-4638

The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a d...

5CVSS6.6AI score0.00725EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.37 views

CVE-2018-5520

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

4.4CVSS4.9AI score0.002EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.37 views

CVE-2019-6677

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.37 views

CVE-2019-6680

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.

7.8CVSS7.5AI score0.00916EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.37 views

CVE-2020-5915

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.

6.1CVSS5.9AI score0.00398EPSS
CVE
CVE
added 2018/07/25 2:29 p.m.36 views

CVE-2018-5537

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.

5.3CVSS5.2AI score0.0069EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.36 views

CVE-2019-6678

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.

5.3CVSS5.3AI score0.00868EPSS
Total number of security vulnerabilities406