cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-19151,https://securityvulnerability.io/vulnerability/CVE-2019-19151,Improper Access Control in BIG-IP and BIG-IQ Products by F5 Networks,"On specific versions of F5 Networks' BIG-IP and BIG-IQ products, an improper access control vulnerability allows authenticated users with low privileges to bypass normal restrictions and access system objects on the file system. This could lead to exposure of sensitive information or unauthorized operations, necessitating immediate attention and remediation.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-23T18:03:02.000Z,0
CVE-2019-6665,https://securityvulnerability.io/vulnerability/CVE-2019-6665,Improper Input Validation in F5 BIG-IP ASM and BIG-IQ,"The vulnerability in F5 BIG-IP ASM and BIG-IQ allows an attacker with access to the communication channel to manipulate the traffic between Central Policy Builder and the management components. This situation arises due to improper input validation, enabling potential interception of sensitive data during the communication process.",F5,"Big-ip Asm,Big-iq,Iworkflow,Enterprise Manager",9.4,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2019-11-27T21:57:58.000Z,0
CVE-2019-6663,https://securityvulnerability.io/vulnerability/CVE-2019-6663,Anti DNS Pinning Vulnerability in F5 BIG-IP and BIG-IQ Products,"F5 BIG-IP and BIG-IQ products are susceptible to an Anti DNS Pinning (DNS Rebinding) vulnerability, which may allow attackers to exploit misuse of the DNS resolution process. This flaw affects various versions of the BIG-IP and BIG-IQ configuration utilities and can potentially enable malicious actors to craft requests that can lead to unauthorized actions on behalf of legitimate users. Proper security measures should be taken to mitigate risks associated with this vulnerability.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2019-11-15T20:40:26.000Z,0
CVE-2019-6651,https://securityvulnerability.io/vulnerability/CVE-2019-6651,Security Flaw in BIG-IP and BIG-IQ Products from F5 Networks,"A security vulnerability exists in F5 Networks' BIG-IP and BIG-IQ products where the Configuration utility login page may not adequately secure against malicious requests. This could potentially allow an attacker to exploit the utility, increasing the risk of unauthorized access and impacting system integrity. It is crucial for users to implement recommended security practices to safeguard their environments.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2019-09-25T17:39:36.000Z,0
CVE-2019-6649,https://securityvulnerability.io/vulnerability/CVE-2019-6649,Sensitive Information Exposure in F5 BIG-IP and Enterprise Manager,"F5 BIG-IP and Enterprise Manager may inadvertently reveal sensitive information and enable unauthorized changes to system configurations when non-standard ConfigSync settings are employed. This can lead to potential exploitation by malicious actors who gain access to sensitive data and system controls, posing a significant security threat.",F5 Networks,"Big-ip, Enterprise Manager",9.1,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2019-09-20T19:52:39.000Z,0
CVE-2019-6646,https://securityvulnerability.io/vulnerability/CVE-2019-6646,Privilege Escalation Vulnerability in BIG-IP and Enterprise Manager by F5 Networks,"A security flaw exists in the BIG-IP and Enterprise Manager products from F5 Networks, allowing REST users with guest privileges to potentially escalate their access rights. This vulnerability could enable unauthorized users to execute commands with administrative privileges, which poses a significant risk to system integrity and security.",F5,"Big-ip, Enterprise Manager",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-09-04T17:13:02.000Z,0
CVE-2019-6642,https://securityvulnerability.io/vulnerability/CVE-2019-6642,Privilege Escalation in F5 Networks BIG-IP and BIG-IQ Products,"In specific versions of F5 Networks' BIG-IP and BIG-IQ products, a vulnerability allows authenticated users who can upload files through methods like SCP to escalate their privileges. This may enable an attacker to gain root shell access within the TMOS Shell (tmsh) interface, which subsequently allows the execution of commands through secondary programs. The ability to misuse this functionality can pose substantial risks to system integrity and confidentiality.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-07-01T20:21:01.000Z,0
CVE-2019-6598,https://securityvulnerability.io/vulnerability/CVE-2019-6598,Traffic Management User Interface Vulnerability in F5 BIG-IP,"In the F5 BIG-IP version range of 11.5.1 to 14.0.0.2, a vulnerability exists in the Traffic Management User Interface (TMUI) that allows authenticated users to submit malformed requests. This can lead to a disruption of TMUI services. Users with any role except the No Access role can exploit this vulnerability, as they possess sufficient access rights to perform the attack on the TMUI.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe); Enterprise Manager",4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2019-03-11T00:00:00.000Z,0
CVE-2019-6599,https://securityvulnerability.io/vulnerability/CVE-2019-6599,XSS Vulnerability in F5 BIG-IP and Enterprise Manager,"An XSS vulnerability affects versions of F5 BIG-IP and Enterprise Manager, stemming from improper escaping of values in a configuration utility's page. Attackers could exploit this flaw to inject malicious scripts, which would manipulate JSON responses. This weakness poses a significant risk, as it allows unauthorized users to execute scripts in the context of a user's session, potentially leading to unauthorized access and data manipulation.",F5,Big-ip Apm; Enterprise Manager,6.1,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2019-03-11T00:00:00.000Z,0
CVE-2019-6597,https://securityvulnerability.io/vulnerability/CVE-2019-6597,Command Restriction Flaw in BIG-IP Configuration Utility by F5 Networks,"A command restriction flaw exists in F5 Networks’ BIG-IP where authenticated administrative users can execute unauthorized commands through the Traffic Management User Interface (TMUI). This vulnerability may lead to unintended administrative access and manipulation of system settings, compromising the security posture of the application and potentially exposing sensitive data or configurations.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator); Enterprise Manager",7.2,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-03-11T00:00:00.000Z,0
CVE-2018-15329,https://securityvulnerability.io/vulnerability/CVE-2018-15329,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager",7.2,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-12-20T00:00:00.000Z,0
CVE-2018-15328,https://securityvulnerability.io/vulnerability/CVE-2018-15328,,"On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager, Big-iq Centralized Management, F5 Iworkflow",7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-12-12T14:00:00.000Z,0
CVE-2018-15322,https://securityvulnerability.io/vulnerability/CVE-2018-15322,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-10-31T14:00:00.000Z,0
CVE-2018-15321,https://securityvulnerability.io/vulnerability/CVE-2018-15321,,"When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",4.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2018-10-31T14:00:00.000Z,0
CVE-2018-15327,https://securityvulnerability.io/vulnerability/CVE-2018-15327,,"In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager",7.2,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2018-10-31T14:00:00.000Z,0
CVE-2018-5540,https://securityvulnerability.io/vulnerability/CVE-2018-5540,,"On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.",F5,"Big-ip (dns, Gtm),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,F5 Iworkflow",4.4,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-07-19T14:29:00.000Z,0
CVE-2018-5523,https://securityvulnerability.io/vulnerability/CVE-2018-5523,,"On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator),Enterprise Manager",7.2,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2018-06-01T14:29:00.000Z,0
CVE-2018-5516,https://securityvulnerability.io/vulnerability/CVE-2018-5516,,"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,Iworkflow",4.7,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-05-02T13:29:00.000Z,0
CVE-2017-6128,https://securityvulnerability.io/vulnerability/CVE-2017-6128,,"An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.",F5,"Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe,Enterprise Manager,Big-iq Cloud, Device, Security, Adc, Centralized Management, Cloud And Orchestration,Iworkflow",7.5,HIGH,0.002580000087618828,false,,false,false,false,,,false,false,,2017-05-01T15:00:00.000Z,0
CVE-2015-4040,https://securityvulnerability.io/vulnerability/CVE-2015-4040,,Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.,F5,Enterprise Manager,,,0.03342999890446663,false,,false,false,false,,,false,false,,2015-09-17T16:00:00.000Z,0
CVE-2014-2927,https://securityvulnerability.io/vulnerability/CVE-2014-2927,,"The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.",F5,"Big-ip Protocol Security Module,Arx,Big-ip Wan Optimization Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Global Traffic Manager,Firepass,Big-iq Security,Big-iq Cloud,Enterprise Manager,Big-ip Advanced Firewall Manager,Big-ip Policy Enforcement Manager,Big-ip Application Acceleration Manager,Big-iq Device",,,0.0760900005698204,false,,false,false,false,,,false,false,,2014-10-15T14:00:00.000Z,0
CVE-2014-3959,https://securityvulnerability.io/vulnerability/CVE-2014-3959,,"Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.",F5,"Big-ip Protocol Security Module,Big-ip Advanced Firewall Manager,Big-ip Edge Gateway,Big-ip Local Traffic Manager,Big-ip Wan Optimization Manager,Big-ip Link Controller,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Global Traffic Manager,Big-ip Application Acceleration Manager,Big-ip Webaccelerator,Big-ip Access Policy Manager,Enterprise Manager,Big-ip Policy Enforcement Manager",,,0.0025599999353289604,false,,false,false,false,,,false,false,,2014-06-03T14:00:00.000Z,0