← Back

Big Ip Policy Enforcement Manager

big-ip_policy_enforcement_manager

Vendor: F5 • 495 CVEs

CVEs (495)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-6131
1F5
9Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+6 more
May 13, 2026
May 23, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administ...Show more
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.Show less
CVE-2016-7476
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+7 more
May 13, 2026
May 11, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from...Show more
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.Show less
CVE-2016-9250
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more
May 13, 2026
May 10, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
CVE-2017-6137
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
May 13, 2026
May 9, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns...Show more
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.Show less
CVE-2016-9256
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
May 9, 2017
N/A· v4
7.5 HIGH· v3
6.0 MEDIUM· v2
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of t...Show more
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.Show less
CVE-2016-9253
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
May 9, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
CVE-2016-9251
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
May 9, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
CVE-2017-6128
1F5
21Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+18 more
May 13, 2026
May 1, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
CVE-2016-9252
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more
May 13, 2026
Mar 27, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause...Show more
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.Show less
CVE-2016-7474
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more
May 13, 2026
Mar 27, 2017
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
CVE-2016-7468
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
Mar 23, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles wh...Show more
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.Show less
CVE-2016-9245
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
Mar 7, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also...Show more
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.Show less
CVE-2016-6249
1F5
11Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more
May 13, 2026
Feb 20, 2017
N/A· v4
5.3 MEDIUM· v3
2.1 LOW· v2
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obt...Show more
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.Show less
CVE-2016-9244
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
Feb 9, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to ob...Show more
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.Show less
CVE-2016-9249
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 13, 2026
Jan 31, 2017
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
CVE-2016-9247
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 6, 2026
Jan 10, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart...Show more
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.Show less
CVE-2016-5024
1F5
10Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+7 more
May 6, 2026
Jan 3, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Micro...Show more
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.Show less
CVE-2016-5700
1F5
8Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+5 more
May 6, 2026
Oct 3, 2016
N/A· v4
9.8 CRITICAL· v3
9.3 HIGH· v2
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit P...Show more
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.Show less
CVE-2016-6876
1F5
14Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more
May 6, 2026
Sep 7, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4...Show more
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP DNS 12.0.0 before HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 10.2.1 through 10.2.4 and 11.2.1; BIG-IP GTM 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 10.2.1 through 10.2.4 and 11.4.0 through 11.4.1 allows remote DNS servers to cause a denial of service (CPU consumption or Traffic Management Microkernel crash) via a crafted PTR response.Show less
CVE-2016-5022
1F5
22Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+19 more
May 6, 2026
Sep 7, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x b...Show more
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.Show less