Product Vulnerability Information
F5
1. CVE-2020-5939 - BIG-IP VE network interface vulnerability - Severity: High - CVSS Score: 7.5
   BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic.
   Details on this issue can be found at: https://support.f5.com/csp/article/K75111593

2. CVE-2020-5940 - BIG-IP TMUI Vulnerability - Severity: High - CVSS Score: 8.0
   A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.
   Details on this issue can be found at: https://support.f5.com/csp/article/K43310520

3. CVE-2020-5941 - F5 iRules RESOLV::lookup command vulnerability - Severity: High - CVSS Score: 7.5
   Using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command.
   Details on this issue can be found at: https://support.f5.com/csp/article/K03125360

4. CVE-2020-5942 - BIG-IP Diameter vulnerability - Severity: High - CVSS Score: 7.5
   When processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart.
   Details on this issue can be found at: https://support.f5.com/csp/article/K82530456

5. CVE-2020-5943 - iControl REST Vulnerability - Severity: Medium - CVSS Score: 5.3
   When a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.
   Details on this issue can be found at: https://support.f5.com/csp/article/K20059815

6. CVE-2020-5944 - BIG-IQ system interface vulnerability - Severity: Medium - CVSS Score: 4.2
   Accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration.
   Details on this issue can be found at: https://support.f5.com/csp/article/K57274211

7. CVE-2020-5945 - F5 TMUI XSS vulnerability - Severity: Medium - CVSS Score: 6.8
   Undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.
   Details on this issue can be found at: https://support.f5.com/csp/article/K21540525

8. CVE-2020-5946 - TMM vulnerability - Severity: Medium - CVSS Score: 5.9
   Under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
   Details on this issue can be found at: https://support.f5.com/csp/article/K53821711

9. ID900793 - Brute Force Attack Prevention feature may erroneously stop prevention before an attack is over - Severity: Exposure
   The Brute Force Attack Prevention feature may stop prevention before the attack is over.
   Details on this issue can be found at: https://support.f5.com/csp/article/K32055534
Microsoft
CVE-2020-1472