F5 Big-Ip Fraud Protection Service vulnerabilities

366 known vulnerabilities affecting f5/big-ip_fraud_protection_service.

Total CVEs

366

CISA KEV

6

actively exploited

Public exploits

9

Exploited in wild

6

Severity breakdown

CRITICAL25HIGH217MEDIUM121LOW3

Vulnerabilities

Page 19 of 19

CVE-2018-5532MEDIUMCVSS 5.3≥ 11.2.1, ≤ 11.5.6≥ 11.6.0, ≤ 11.6.3.1+2 more2018-07-19

CVE-2018-5532 [MEDIUM] CVE-2018-5532: On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within th On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

CVE-2018-13405HIGHCVSS 7.8PoC≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1+3 more2018-07-06

CVE-2018-13405 [HIGH] CWE-269 CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to c The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is th

CVE-2018-5523HIGHCVSS 7.2≥ 11.5.1, ≤ 11.5.5≥ 11.6.1, ≤ 11.6.3+4 more2018-06-01

CVE-2018-5523 [HIGH] CVE-2018-5523: On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVE-2018-5525MEDIUMCVSS 4.3≥ 11.2.1, ≤ 11.5.5≥ 11.6.0, ≤ 11.6.3+2 more2018-06-01

CVE-2018-5525 [MEDIUM] CWE-200 CVE-2018-5525: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0- A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.

CVE-2018-5524MEDIUMCVSS 5.3≥ 11.6.1, ≤ 11.6.3≥ 12.1.0, ≤ 12.1.3+1 more2018-06-01

CVE-2018-5524 [MEDIUM] CVE-2018-5524: Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, vir Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.

CVE-2017-6153MEDIUMCVSS 5.3≥ 11.5.1, ≤ 11.5.5≥ 11.6.1, ≤ 11.6.3+4 more2018-06-01

CVE-2017-6153 [MEDIUM] CWE-400 CVE-2017-6153: Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 sy Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.

← Previous19 / 19