F5 SSL Orchestrator 15.0.1.4

CPE Details

F5 SSL Orchestrator 15.0.1.4
f5
ssl_orchestrator
15.0.1.4
2020-09-11
11h36 +00:00
2020-09-11
11h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:f5:ssl_orchestrator:15.0.1.4:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

ssl_orchestrator

Version

15.0.1.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-22999 2021-03-31 15h29 +00:00 On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
7.5
High
CVE-2020-27719 2020-12-24 14h16 +00:00 On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
6.1
Medium
CVE-2020-5947 2020-11-18 23h14 +00:00 In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).
4.3
Medium
CVE-2020-5922 2020-08-26 12h44 +00:00 In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.
8.8
High