F5 » BIG-IP Policy Enforcement Manager: Security Vulnerabilities, CVEs, Published in 2020 (CSRF)
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross-Site Request Forgery (CSRF) protections for users who use Basic Authentication in a web browser.
Max CVSS: 9.3 | EPSS Score: 0.07% | Published: 2020-08-26 | Updated: 2020-09-02
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-07-01 | Updated: 2020-07-10
2 vulnerabilities found