» 2020 » 5월

CVE-2020-5879

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5879

On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied.

Source: CVE-2020-5879

CVE-2020-5874

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5874

On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM).

Source: CVE-2020-5874

CVE-2020-5873

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.

Source: CVE-2020-5873

CVE-2020-5878

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5878

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.

Source: CVE-2020-5878

CVE-2020-5875

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5875

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

Source: CVE-2020-5875

CVE-2020-5876

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.

Source: CVE-2020-5876

CVE-2020-5877

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-5877

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.

Source: CVE-2020-5877

CVE-2019-0235

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2019-0235

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

Source: CVE-2019-0235

CVE-2020-7136

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2020-7136

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

Source: CVE-2020-7136

CVE-2019-12425

Posted on 2020년 5월 1일2020년 5월 1일 by admin

CVE-2019-12425

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

Source: CVE-2019-12425