The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x prior to 11.2.1 HF16, 11.3.x, 11.4.x prior to 11.4.1 HF10, 11.5.x prior to 11.5.4, and 11.6.x prior to 11.6.1; BIG-IP AAM 11.4.x prior to 11.4.1 HF10, 11.5.x prior to 11.5.4, and 11.6.x... On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5, 14.1.x versions before 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on... F5 BIG-IP LTM systems 11.x prior to 11.2.1 HF16, 11.3.x, 11.4.x prior to 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote malicious users to modify or extract sy... In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of con... The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 up to and including 10.2.4, 11.2.1, 11.4.x, 11.5.x prior to 11.5.4 HF2, 11.6.x prior to 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x prior to 11.5.4 HF2, 11.6.x prior... BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote malicious users to obtain login acc... The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 prior to 11.5.3 HF2 and 11.6.0 prior to 11.6.0 HF6, BIG-IP AAM 11.4.0 prior to 11.5.3 HF2 and 11.6.0 prior to 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 1...