VYPR

BIG-IP ASM

by F5, Inc.

CVEs (11)

  • CVE-2019-6665CriNov 27, 2019
    risk 0.61cvss 9.4epss 0.01

    On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the…

  • CVE-2019-6650CriSep 20, 2019
    risk 0.59cvss 9.1epss 0.01

    F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.

  • CVE-2024-23308HigFeb 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content…

  • CVE-2024-21789HigFeb 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

  • CVE-2020-27728HigDec 24, 2020
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.

  • CVE-2020-27718HigDec 24, 2020
    risk 0.49cvss 7.5epss 0.01

    When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the…

  • CVE-2020-5914HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.

  • CVE-2020-5879HigApr 30, 2020
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied.

  • CVE-2019-6682HigDec 23, 2019
    risk 0.49cvss 7.5epss 0.01

    On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect…

  • CVE-2019-6607MedMar 28, 2019
    risk 0.44cvss 6.8epss 0.01

    On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code…

  • CVE-2020-5932MedOct 29, 2020
    risk 0.31cvss 4.8epss 0.01

    On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that…