CVE-2019-6649

Summary

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

Affected Software

VendorProductVersion RangeStatus
F5 NetworksBIG-IP, Enterprise ManagerBIG-IP 15.0.0affected
F5 NetworksBIG-IP, Enterprise Manager14.1.0-14.1.0.6affected
F5 NetworksBIG-IP, Enterprise Manager14.0.0-14.0.0.5affected
F5 NetworksBIG-IP, Enterprise Manager13.0.0-13.1.1.5affected
F5 NetworksBIG-IP, Enterprise Manager12.1.0-12.1.4.1affected
F5 NetworksBIG-IP, Enterprise Manager11.6.0-11.6.4affected
F5 NetworksBIG-IP, Enterprise Manager11.5.1-11.5.9affected
F5 NetworksBIG-IP, Enterprise ManagerEM 3.1.1affected

Weaknesses

  • Information Disclosure and Unauthorized Access

ADP Enrichment

CVE Program Container

Additional References

References