F5 Big-Ip Wan Optimization Manager vulnerabilities

38 known vulnerabilities affecting f5/big-ip_wan_optimization_manager.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL9HIGH13MEDIUM15LOW1

Vulnerabilities

Page 2 of 2

CVE-2015-4040MEDIUMCVSS 4.0PoC≤ 11.3.02015-09-17

CVE-2015-4040 [MEDIUM] CWE-22 CVE-2015-4040: Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterp Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

nvd

CVE-2015-4047HIGHCVSS 7.8≥ 11.0.0, ≤ 11.3.02015-05-29

CVE-2015-4047 [HIGH] CWE-476 CVE-2015-4047: racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL poin racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

nvd

CVE-2014-8730MEDIUMCVSS 4.3v10.0.0v10.0.1+11 more2014-12-10

CVE-2014-8730 [MEDIUM] CVE-2014-8730: The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 1 The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4

nvd

CVE-2014-6032MEDIUMCVSS 5.5v10.0.0v10.1.0+10 more2014-11-01

CVE-2014-6032 [MEDIUM] CVE-2014-6032: Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, AS Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PS

nvd

CVE-2014-4023MEDIUMCVSS 4.3v10.1.0v10.2.0+9 more2014-10-28

CVE-2014-4023 [MEDIUM] CWE-79 CVE-2014-4023: Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and

nvd

CVE-2014-2927CRITICALCVSS 9.3PoCv10.0.0v10.0.1+11 more2014-10-15

CVE-2014-2927 [CRITICAL] CWE-287 CVE-2014-2927: The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 befor The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a

nvd

CVE-2014-7169CRITICALCVSS 9.8KEVPoC≥ 10.0.0, ≤ 10.2.4≥ 11.0.0, ≤ 11.3.02014-09-25

CVE-2014-7169 [CRITICAL] CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definiti GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgi

nvd

CVE-2014-6271CRITICALCVSS 9.8KEVPoC≥ 10.0.0, ≤ 10.2.4≥ 11.0.0, ≤ 11.3.02014-09-24

CVE-2014-6271 [CRITICAL] CWE-78 CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute

nvd

CVE-2014-4027LOWCVSS 2.3≥ 11.1.0, ≤ 11.3.02014-06-23

CVE-2014-4027 [LOW] CWE-200 CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.1 The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

nvd

CVE-2014-3959MEDIUMCVSS 4.3v11.2.1v11.3.02014-06-03

CVE-2014-3959 [MEDIUM] CWE-79 CVE-2014-3959: Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remot

nvd

CVE-2014-2928HIGHCVSS 7.1PoCv10.0.0v10.0.1+5 more2014-05-12

CVE-2014-2928 [HIGH] CVE-2014-2928: The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through

nvd

CVE-2014-0196MEDIUMCVSS 5.5KEVPoC≥ 11.1.0, ≤ 11.3.02014-05-07

CVE-2014-0196 [MEDIUM] CWE-362 CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

nvd

CVE-2014-0101HIGHCVSS 7.8≥ 11.1.0, ≤ 11.3.02014-03-11

CVE-2014-0101 [HIGH] CWE-476 CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does n The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and

nvd

CVE-2012-3000HIGHCVSS 7.5v11.0.0v11.1.0+2 more2014-01-30

CVE-2012-3000 [HIGH] CWE-89 CVE-2012-3000: Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebG Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via

nvd

CVE-2013-6016HIGHCVSS 7.8v10.0.0v10.0.1+5 more2013-10-26

CVE-2013-6016 [HIGH] CWE-20 CVE-2013-6016: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Control The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connecti

nvd

CVE-2013-0150CRITICALCVSS 9.3≥ 10.1.0, ≤ 10.2.4≥ 11.0.0, ≤ 11.3.02013-08-09

CVE-2013-0150 [CRITICAL] CWE-22 CVE-2013-0150: Directory traversal vulnerability in an unspecified signed Java applet in the client-side components Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename pa

nvd

CVE-2012-3163CRITICALCVSS 9.0≥ 10.0.0, ≤ 10.2.4≥ 11.0.0, ≤ 11.3.02012-10-17

CVE-2012-3163 [CRITICAL] CVE-2012-3163: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

nvd

CVE-2011-3188CRITICALCVSS 9.1≥ 10.0.0, ≤ 10.2.4≥ 11.0.0, ≤ 11.1.02012-05-24

CVE-2011-3188 [CRITICAL] CVE-2011-3188: The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorith The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

nvd

← Previous2 / 2