National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:f5:big-ip_access_policy_manager:11.5.10
There are 58 matching records.
Displaying matches 41 through 58.
Vuln ID Summary CVSS Severity

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-, and 14.0.0-, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.

Published: March 28, 2019; 05:29:00 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 7.1 HIGH

On BIG-IP 11.5.1-, 12.1.0-, 13.0.0-, and 14.0.0-, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.

Published: March 28, 2019; 05:29:00 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.

Published: February 26, 2019; 10:29:00 AM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM

On BIG-IP 11.5.1-,, 13.0.0 HF1-, and 14.0.0-, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

Published: February 26, 2019; 10:29:00 AM -05:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

Published: December 28, 2018; 10:29:00 AM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.

Published: December 28, 2018; 10:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.

Published: December 12, 2018; 09:29:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM

The svpn component of the F5 BIG-IP APM client prior to version for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

Published: December 06, 2018; 08:29:00 AM -05:00
V3.0: 7.0 HIGH
    V2: 4.4 MEDIUM

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.

Published: October 08, 2018; 03:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Published: August 06, 2018; 04:29:01 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-, or 11.2.1- HTTPS health monitors do not validate the identity of the monitored server.

Published: July 25, 2018; 10:29:00 AM -04:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM

On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.

Published: July 19, 2018; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM

On an F5 BIG-IP 13.0.0-, 12.1.0-, or 11.2.1- system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

Published: May 02, 2018; 09:29:00 AM -04:00
V3.0: 4.4 MEDIUM
    V2: 3.5 LOW

On F5 BIG-IP 13.0.0-, 12.1.0-, or 11.2.1-, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

Published: May 02, 2018; 09:29:00 AM -04:00
V3.0: 4.9 MEDIUM
    V2: 5.5 MEDIUM

On F5 BIG-IP 13.0.0-, 12.1.0-12.1.2, or 11.2.1-, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Published: May 02, 2018; 09:29:00 AM -04:00
V3.0: 4.7 MEDIUM
    V2: 4.7 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.

Published: December 21, 2017; 12:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 3.3 LOW

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

Published: September 17, 2015; 12:59:01 PM -04:00
    V2: 4.0 MEDIUM

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Published: May 29, 2015; 11:59:19 AM -04:00
    V2: 7.8 HIGH