CVE-2020-5883
- EPSS 1.28%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:45
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory le...
CVE-2020-5884
- EPSS 1.5%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:45
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the n...
CVE-2020-5885
- EPSS 0.81%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:45
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This...
CVE-2020-5886
- EPSS 0.81%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:46
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This...
CVE-2020-5887
- EPSS 1.8%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:46
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
CVE-2020-5889
- EPSS 0.72%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:46
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and se...
CVE-2020-5891
- EPSS 1.24%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:46
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
CVE-2020-5893
- EPSS 0.56%
- Veröffentlicht 30.04.2020 21:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:46
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
CVE-2020-5873
- EPSS 1.39%
- Veröffentlicht 30.04.2020 21:15:16
- Zuletzt bearbeitet 21.11.2024 05:34:44
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Adv...
CVE-2020-5874
- EPSS 1.28%
- Veröffentlicht 30.04.2020 21:15:16
- Zuletzt bearbeitet 21.11.2024 05:34:44
On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microke...