6.5

CVE-2019-6634

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Local Traffic Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Local Traffic Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Local Traffic Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Application Acceleration Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Application Acceleration Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Application Acceleration Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Application Acceleration Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Advanced Firewall Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Advanced Firewall Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Advanced Firewall Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Advanced Firewall Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Analytics Version >= 12.1.0 < 12.1.4.1
F5Big-ip Analytics Version >= 13.0.0 < 13.1.1.5
F5Big-ip Analytics Version >= 14.0.0 < 14.0.0.5
F5Big-ip Analytics Version >= 14.1.0 < 14.1.0.6
F5Big-ip Access Policy Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Access Policy Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Access Policy Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Access Policy Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Application Security Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Application Security Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Application Security Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Application Security Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Domain Name System Version >= 12.1.0 < 12.1.4.1
F5Big-ip Domain Name System Version >= 13.0.0 < 13.1.1.5
F5Big-ip Domain Name System Version >= 14.0.0 < 14.0.0.5
F5Big-ip Domain Name System Version >= 14.1.0 < 14.1.0.6
F5Big-ip Edge Gateway Version >= 12.1.0 < 12.1.4.1
F5Big-ip Edge Gateway Version >= 13.0.0 < 13.1.1.5
F5Big-ip Edge Gateway Version >= 14.0.0 < 14.0.0.5
F5Big-ip Edge Gateway Version >= 14.1.0 < 14.1.0.6
F5Big-ip Global Traffic Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Global Traffic Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Global Traffic Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Global Traffic Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Link Controller Version >= 12.1.0 < 12.1.4.1
F5Big-ip Link Controller Version >= 13.0.0 < 13.1.1.5
F5Big-ip Link Controller Version >= 14.0.0 < 14.0.0.5
F5Big-ip Link Controller Version >= 14.1.0 < 14.1.0.6
F5Big-ip Policy Enforcement Manager Version >= 12.1.0 < 12.1.4.1
F5Big-ip Policy Enforcement Manager Version >= 13.0.0 < 13.1.1.5
F5Big-ip Policy Enforcement Manager Version >= 14.0.0 < 14.0.0.5
F5Big-ip Policy Enforcement Manager Version >= 14.1.0 < 14.1.0.6
F5Big-ip Webaccelerator Version >= 12.1.0 < 12.1.4.1
F5Big-ip Webaccelerator Version >= 13.0.0 < 13.1.1.5
F5Big-ip Webaccelerator Version >= 14.0.0 < 14.0.0.5
F5Big-ip Webaccelerator Version >= 14.1.0 < 14.1.0.6
F5Big-ip Fraud Protection Service Version >= 12.1.0 < 12.1.4.1
F5Big-ip Fraud Protection Service Version >= 13.0.0 < 13.1.1.5
F5Big-ip Fraud Protection Service Version >= 14.0.0 < 14.0.0.5
F5Big-ip Fraud Protection Service Version >= 14.1.0 < 14.1.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.34% 0.558
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
http://www.securityfocus.com/bid/109104
Third Party Advisory
VDB Entry