← Back

Big Ip Application Security Manager

big-ip_application_security_manager

Vendor: F5 • 541 CVEs

CVEs (541)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-5917
1F5
12Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+9 more
Nov 21, 2024
Aug 26, 2020
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits wh...Show more
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.Show less
CVE-2020-5916
1F5
13Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more
Nov 21, 2024
Aug 26, 2020
N/A· v4
6.8 MEDIUM· v3
4.0 MEDIUM· v2
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
CVE-2020-5915
1F5
13Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more
Nov 21, 2024
Aug 26, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems...Show more
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.Show less
CVE-2020-5914
1F5
1Big Ip Application Security Manager
Nov 21, 2024
Aug 26, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.
CVE-2020-5913
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+11 more
Nov 21, 2024
Aug 26, 2020
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SS...Show more
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections.Show less
CVE-2020-5912
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+11 more
Nov 21, 2024
Aug 26, 2020
N/A· v4
7.1 HIGH· v3
3.6 LOW· v2
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may over...Show more
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.Show less
CVE-2020-5907
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Jul 1, 2020
N/A· v4
7.2 HIGH· v3
6.0 MEDIUM· v2
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read...Show more
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.Show less
CVE-2020-5906
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Jul 1, 2020
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy...Show more
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.Show less
CVE-2020-5905
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Jul 1, 2020
N/A· v4
4.3 MEDIUM· v3
6.0 MEDIUM· v2
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
CVE-2020-5904
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Jul 1, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configurat...Show more
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.Show less
CVE-2020-5903
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Jul 1, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
CVE-2020-5902
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+11 more
Oct 27, 2025
Jul 1, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code E...Show more
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.Show less
CVE-2020-5890
1F5
12Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+9 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administ...Show more
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.Show less
CVE-2020-5888
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
8.1 HIGH· v3
3.3 LOW· v2
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.
CVE-2020-5891
1F5
9Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+6 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/...Show more
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.Show less
CVE-2020-5887
1F5
13Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
CVE-2020-5886
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecur...Show more
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.Show less
CVE-2020-5885
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecur...Show more
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.Show less
CVE-2020-5884
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue...Show more
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.Show less
CVE-2020-5883
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+7 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual s...Show more
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.Show less