CVE-2019-6655

Published: Sep 25, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.

Affected (24)

Products: F5: Big Ip Application Acceleration Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, Big Ip Access Policy Manager, Big Ip Application Security Manager, Big Ip Policy Enforcement Manager

6 products

Big Ip Application Acceleration Manager

Big Ip Advanced Firewall Manager

Big Ip Analytics

Big Ip Access Policy Manager

Big Ip Application Security Manager

Big Ip Policy Enforcement Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Application Acceleration Manager	From 11.5.2 to 11.5.9
F5 Big Ip Application Acceleration Manager	From 11.6.1 to 11.6.4
F5 Big Ip Application Acceleration Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Application Acceleration Manager	From 13.0.0 to 13.1.0.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	From 11.5.2 to 11.5.9
F5 Big Ip Advanced Firewall Manager	From 11.6.1 to 11.6.4
F5 Big Ip Advanced Firewall Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Advanced Firewall Manager	From 13.0.0 to 13.1.0.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Analytics	From 11.5.2 to 11.5.9
F5 Big Ip Analytics	From 11.6.1 to 11.6.4
F5 Big Ip Analytics	From 12.1.0 to 12.1.4.1
F5 Big Ip Analytics	From 13.0.0 to 13.1.0.1

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.5.2 to 11.5.9
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.4
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Access Policy Manager	From 13.0.0 to 13.1.0.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Application Security Manager	From 11.5.2 to 11.5.9
F5 Big Ip Application Security Manager	From 11.6.1 to 11.6.4
F5 Big Ip Application Security Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Application Security Manager	From 13.0.0 to 13.1.0.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Policy Enforcement Manager	From 11.5.2 to 11.5.9
F5 Big Ip Policy Enforcement Manager	From 11.6.1 to 11.6.4
F5 Big Ip Policy Enforcement Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Policy Enforcement Manager	From 13.0.0 to 13.1.0.1

References (4)

https://support.f5.com/csp/article/K31152411

Source: f5sirt@f5.com

MitigationVendor Advisory

https://support.f5.com/csp/article/K31152411?utm_source=f5support&amp%3Butm_medium=RSS

Source: f5sirt@f5.com

https://support.f5.com/csp/article/K31152411

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://support.f5.com/csp/article/K31152411?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.