cbcvebase.
CVE-2019-6634
published 2019-07-03

CVE-2019-6634: On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in…

medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

Affected

70 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip
f5big-ip
f5big-ip
f5big-ip
f5big-ip_aam
f5big-ip_access_policy_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_access_policy_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_access_policy_manager>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_advanced_firewall_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_advanced_firewall_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_advanced_firewall_manager>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_analytics>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_analytics>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_analytics>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_apm
f5big-ip_application_acceleration_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_application_acceleration_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_application_acceleration_manager>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_application_acceleration_manager>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_application_security_manager>= 12.1.0 < 12.1.4.112.1.4.1