Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

f5 big-ip application acceleration manager 12.1.5.2 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2021-23000
On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicio...
F5 Big-ip Access Policy Manager 12.1.5.2F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall Manager 12.1.5.2F5 Big-ip Advanced Firewall ManagerF5 Big-ip Advanced Web Application Firewall 12.1.5.2F5 Big-ip Advanced Web Application FirewallF5 Big-ip Analytics 12.1.5.2F5 Big-ip AnalyticsF5 Big-ip Application Acceleration Manager 12.1.5.2F5 Big-ip Application Acceleration ManagerF5 Big-ip Application Security Manager 12.1.5.2F5 Big-ip Application Security ManagerF5 Big-ip Ddos Hybrid Defender 12.1.5.2F5 Big-ip Ddos Hybrid DefenderF5 Big-ip Domain Name System 12.1.5.2F5 Big-ip Domain Name SystemF5 Big-ip Fraud Protection Service 12.1.5.2F5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic Manager 12.1.5.2F5 Big-ip Global Traffic ManagerF5 Big-ip Link Controller 12.1.5.2F5 Big-ip Link Controller
5
CVSSv2
CVE-2020-5931
On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement Manager
5.5
CVSSv2
CVE-2020-5906
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted file...
F5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip AnalyticsF5 Big-ip Access Policy ManagerF5 Big-ip Application Security ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Domain Name System
4
CVSSv2
CVE-2020-5938
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Security ManagerF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Domain Name SystemF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Ssl Orchestrator
6.8
CVSSv2
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user ...
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Access Policy Manager 16.0.0F5 Big-ip Advanced Firewall Manager 16.0.0F5 Big-ip Analytics 16.0.0F5 Big-ip Application Acceleration Manager 16.0.0F5 Big-ip Application Security Manager 16.0.0F5 Big-ip Domain Name System 16.0.0F5 Big-ip Fraud Protection Service 16.0.0F5 Big-ip Global Traffic Manager 16.0.0F5 Big-ip Link Controller 16.0.0F5 Big-ip Local Traffic Manager 16.0.0F5 Big-ip Policy Enforcement Manager 16.0.0
5
CVSSv2
CVE-2020-5930
In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Edge GatewayF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Big-ip WebacceleratorF5 Big-iq Centralized Management 5.4.0F5 Big-iq Centralized Management
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook