cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-19151,https://securityvulnerability.io/vulnerability/CVE-2019-19151,,"On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-12-23T18:03:02.000Z,0
CVE-2019-6665,https://securityvulnerability.io/vulnerability/CVE-2019-6665,,"On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.",F5,"Big-ip Asm,Big-iq,Iworkflow,Enterprise Manager",9.4,CRITICAL,0.001970000099390745,false,false,false,false,,false,false,2019-11-27T21:57:58.000Z,0
CVE-2019-6663,https://securityvulnerability.io/vulnerability/CVE-2019-6663,,"The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2019-11-15T20:40:26.000Z,0
CVE-2019-6651,https://securityvulnerability.io/vulnerability/CVE-2019-6651,,"In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.3,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2019-09-25T17:39:36.000Z,0
CVE-2019-6649,https://securityvulnerability.io/vulnerability/CVE-2019-6649,,"F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.",F5 Networks,"Big-ip, Enterprise Manager",9.1,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2019-09-20T19:52:39.000Z,0
CVE-2019-6646,https://securityvulnerability.io/vulnerability/CVE-2019-6646,,"On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.",F5,"Big-ip, Enterprise Manager",8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-09-04T17:13:02.000Z,0
CVE-2019-6642,https://securityvulnerability.io/vulnerability/CVE-2019-6642,,"In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-07-01T20:21:01.000Z,0
CVE-2019-6597,https://securityvulnerability.io/vulnerability/CVE-2019-6597,,"In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator); Enterprise Manager",7.2,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-03-11T00:00:00.000Z,0
CVE-2019-6598,https://securityvulnerability.io/vulnerability/CVE-2019-6598,,"In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe); Enterprise Manager",4.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2019-03-11T00:00:00.000Z,0
CVE-2019-6599,https://securityvulnerability.io/vulnerability/CVE-2019-6599,,"In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.",F5,Big-ip Apm; Enterprise Manager,6.1,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2019-03-11T00:00:00.000Z,0
CVE-2018-15329,https://securityvulnerability.io/vulnerability/CVE-2018-15329,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager",7.2,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2018-12-20T00:00:00.000Z,0
CVE-2018-15328,https://securityvulnerability.io/vulnerability/CVE-2018-15328,,"On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager, Big-iq Centralized Management, F5 Iworkflow",7.5,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2018-12-12T14:00:00.000Z,0
CVE-2018-15322,https://securityvulnerability.io/vulnerability/CVE-2018-15322,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2018-10-31T14:00:00.000Z,0
CVE-2018-15321,https://securityvulnerability.io/vulnerability/CVE-2018-15321,,"When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",4.9,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2018-10-31T14:00:00.000Z,0
CVE-2018-15327,https://securityvulnerability.io/vulnerability/CVE-2018-15327,,"In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager",7.2,HIGH,0.0009299999801442027,false,false,false,false,,false,false,2018-10-31T14:00:00.000Z,0
CVE-2018-5540,https://securityvulnerability.io/vulnerability/CVE-2018-5540,,"On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.",F5,"Big-ip (dns, Gtm),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,F5 Iworkflow",4.4,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-5523,https://securityvulnerability.io/vulnerability/CVE-2018-5523,,"On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator),Enterprise Manager",7.2,HIGH,0.001979999942705035,false,false,false,false,,false,false,2018-06-01T14:29:00.000Z,0
CVE-2018-5516,https://securityvulnerability.io/vulnerability/CVE-2018-5516,,"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,Iworkflow",4.7,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-05-02T13:29:00.000Z,0
CVE-2017-6128,https://securityvulnerability.io/vulnerability/CVE-2017-6128,,"An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.",F5,"Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe,Enterprise Manager,Big-iq Cloud, Device, Security, Adc, Centralized Management, Cloud And Orchestration,Iworkflow",7.5,HIGH,0.002580000087618828,false,false,false,false,,false,false,2017-05-01T15:00:00.000Z,0
CVE-2015-4040,https://securityvulnerability.io/vulnerability/CVE-2015-4040,,Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.,F5,Enterprise Manager,,,0.03342999890446663,false,false,false,false,,false,false,2015-09-17T16:00:00.000Z,0
CVE-2014-2927,https://securityvulnerability.io/vulnerability/CVE-2014-2927,,"The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.",F5,"Big-ip Protocol Security Module,Arx,Big-ip Wan Optimization Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Global Traffic Manager,Firepass,Big-iq Security,Big-iq Cloud,Enterprise Manager,Big-ip Advanced Firewall Manager,Big-ip Policy Enforcement Manager,Big-ip Application Acceleration Manager,Big-iq Device",,,0.0760900005698204,false,false,false,false,,false,false,2014-10-15T14:00:00.000Z,0
CVE-2014-3959,https://securityvulnerability.io/vulnerability/CVE-2014-3959,,"Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.",F5,"Big-ip Protocol Security Module,Big-ip Advanced Firewall Manager,Big-ip Edge Gateway,Big-ip Local Traffic Manager,Big-ip Wan Optimization Manager,Big-ip Link Controller,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Global Traffic Manager,Big-ip Application Acceleration Manager,Big-ip Webaccelerator,Big-ip Access Policy Manager,Enterprise Manager,Big-ip Policy Enforcement Manager",,,0.0025599999353289604,false,false,false,false,,false,false,2014-06-03T14:00:00.000Z,0