Vulnerabilities (CVE)

Filtered by vendor F5 Subscribe
Filtered by product Big-ip Policy Enforcement Manager
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5021 1 F5 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more 2024-02-04 4.0 MEDIUM 4.9 MEDIUM
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
CVE-2015-3628 1 F5 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more 2024-02-04 9.0 HIGH N/A
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
CVE-2016-6876 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP DNS 12.0.0 before HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 10.2.1 through 10.2.4 and 11.2.1; BIG-IP GTM 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 10.2.1 through 10.2.4 and 11.4.0 through 11.4.1 allows remote DNS servers to cause a denial of service (CPU consumption or Traffic Management Microkernel crash) via a crafted PTR response.
CVE-2016-5020 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2024-02-04 9.0 HIGH 8.8 HIGH
F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
CVE-2015-8099 1 F5 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 18 more 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.
CVE-2015-8021 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.
CVE-2016-5700 1 F5 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more 2024-02-04 9.3 HIGH 9.8 CRITICAL
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.
CVE-2014-3959 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2014-6032 1 F5 13 Big-ip Advanced Firewall Manager, Big-ip Analytics, Big-ip Application Acceleration Manager and 10 more 2024-02-04 5.5 MEDIUM N/A
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.
CVE-2014-4027 5 Canonical, F5, Linux and 2 more 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more 2024-02-04 2.3 LOW N/A
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
CVE-2014-4023 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0101 4 Canonical, F5, Linux and 1 more 27 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 24 more 2024-02-04 7.8 HIGH N/A
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
CVE-2014-2927 1 F5 19 Arx, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 16 more 2024-02-04 9.3 HIGH N/A
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
CVE-2014-8730 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2024-02-04 4.3 MEDIUM N/A
The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.
CVE-2012-3163 6 Canonical, Debian, F5 and 3 more 21 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 18 more 2024-02-04 9.0 HIGH N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
CVE-2013-0150 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-02-04 9.3 HIGH N/A
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.