
F5 Enterprise Manager

100 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-20916
all versions
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management).
8.3 HIGH
CVE-2022-29596
all versions
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../
9.8 CRITICAL
CVE-2020-21993
all versions
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned
6.1 MEDIUM
CVE-2021-2134
all versions
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin)
6.5 MEDIUM
CVE-2021-2008
all versions
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin)
7.3 HIGH
CVE-2020-5854
all versions
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes un
5.9 MEDIUM
CVE-2020-2641
all versions
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework).
6.0 MEDIUM
CVE-2020-2640
all versions
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). S
6.0 MEDIUM
CVE-2020-2638
all versions
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Man
6.0 MEDIUM
CVE-2020-2637
all versions
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web
6.0 MEDIUM
CVE-2014-5209
all versions
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, whi
5.3 MEDIUM
CVE-2019-19151
all versions
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0
5.5 MEDIUM
CVE-2019-6665
all versions
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and
9.4 CRITICAL
CVE-2019-6663
all versions
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2
5.5 MEDIUM
CVE-2018-12207
all versions
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut
6.5 MEDIUM
CVE-2019-2895
all versions
Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and In
7.5 HIGH
CVE-2019-6471
all versions
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure i
5.9 MEDIUM
CVE-2018-5743
all versions
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed conn
7.5 HIGH
CVE-2018-14880
all versions
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
7.5 HIGH
CVE-2018-14468
all versions
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
7.5 HIGH
CVE-2019-6651
all versions
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2
5.3 MEDIUM
CVE-2019-6646
all versions
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges an
8.8 HIGH
CVE-2019-6642
all versions
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkf
8.8 HIGH
CVE-2019-11479
all versions
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP
7.5 HIGH
CVE-2019-6598
all versions
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malfor
4.3 MEDIUM
CVE-2019-6597
all versions
In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated admi
7.2 HIGH
CVE-2018-15329
all versions
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative use
7.2 HIGH
CVE-2018-15328
all versions
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for
7.5 HIGH
CVE-2018-10587
< 10.0.57
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilit
7.2 HIGH
CVE-2018-10586
< 10.1.12
NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.
4.8 MEDIUM
CVE-2018-15327
all versions
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in
7.2 HIGH
CVE-2018-15322
all versions
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.
6.5 MEDIUM
CVE-2018-15321
all versions
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.
4.9 MEDIUM
CVE-2018-14634
all versions
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to S
7.8 HIGH
CVE-2018-5540
all versions
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Manag
4.4 MEDIUM
CVE-2018-11040
all versions
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications
7.5 HIGH
CVE-2018-5523
all versions
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, whe
7.2 HIGH
CVE-2017-17407
all versions
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Man
9.8 CRITICAL
CVE-2017-17406
< 7.2.766
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Au
9.8 CRITICAL
CVE-2017-16610
< 7.2.766
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Au
9.8 CRITICAL
CVE-2017-16609
< 7.2.766
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Man
7.5 HIGH
CVE-2017-16608
< 7.2.766
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Au
9.8 CRITICAL
CVE-2017-16607
< 7.2.766
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Man
7.5 HIGH
CVE-2017-16606
all versions
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Syst
8.8 HIGH
CVE-2017-16605
all versions
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise
6.5 MEDIUM
CVE-2017-16604
all versions
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise
6.5 MEDIUM
CVE-2017-16603
all versions
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Syst
8.8 HIGH
CVE-2017-16602
all versions
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Man
8.8 HIGH
CVE-2017-16601
all versions
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise
6.5 MEDIUM
CVE-2017-16600
all versions
This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.
6.5 MEDIUM
CVE-2017-16599
all versions
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Man
6.5 MEDIUM
CVE-2017-16598
all versions
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain S
8.8 HIGH
CVE-2017-16597
all versions
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Man
9.8 CRITICAL
CVE-2017-16596
all versions
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterp
6.5 MEDIUM
CVE-2017-16595
all versions
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterp
6.5 MEDIUM
CVE-2017-16594
all versions
This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Man
6.5 MEDIUM
CVE-2017-16593
all versions
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Man
6.5 MEDIUM
CVE-2017-16592
all versions
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterp
6.5 MEDIUM
CVE-2017-16591
all versions
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterp
6.5 MEDIUM
CVE-2017-16590
all versions
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Mana
8.8 HIGH
CVE-2016-7469
all versions
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, An
5.4 MEDIUM
CVE-2017-6128
all versions
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG
7.5 HIGH
CVE-2016-5022
all versions
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.
9.8 CRITICAL
CVE-2015-4040
all versions
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1
CVE-2015-4047
>= 3.0.0 and <= 3.1.1
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon
CVE-2014-6032
all versions
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11
CVE-2014-4023
all versions
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM,
CVE-2014-2927
all versions
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3
CVE-2014-7169
>= 2.1.0 and <= 2.3.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8 CRITICAL
CVE-2014-6271
>= 2.1.0 and <= 2.3.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8 CRITICAL
CVE-2014-4027
>= 3.0.0 and <= 3.1.1
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize
CVE-2014-3959
all versions
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM,
CVE-2014-0196
all versions
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in t
5.5 MEDIUM
CVE-2013-3791
all versions
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manage
CVE-2013-3758
all versions
Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11
CVE-2012-1493
all versions
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterpr
CVE-2011-3188
>= 2.1.0 and <= 2.3.0
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers
9.1 CRITICAL
CVE-2011-1229
all versions
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Win
CVE-2009-1967
all versions
Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.
CVE-2009-1966
all versions
Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.
CVE-2008-2603
all versions
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Cont
CVE-2007-5531
all versions
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise M
CVE-2007-2129
all versions
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors
CVE-2007-0294
all versions
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning
CVE-2007-0293
all versions
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors rel
CVE-2007-0292
all versions
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracl
CVE-2006-3721
all versions
Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown
CVE-2006-3720
all versions
Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vec
CVE-2006-3719
all versions
Unspecified vulnerability in CORE: Repository for Oracle Enterprise Manager 9.0.1.0 and 9.2.0.1 has unknown impact and attack vect
CVE-2006-1885
all versions
Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have un
CVE-2004-1371
all versions
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of
CVE-2004-1370
all versions
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attacke
CVE-2004-1369
all versions
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_regis
CVE-2004-1368
all versions
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file
CVE-2004-1367
all versions
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSM
CVE-2004-1366
all versions
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, wh
CVE-2004-1365
all versions
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to
CVE-2004-1364
all versions
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of
CVE-2004-1363
all versions
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the librar
9.8 CRITICAL
CVE-2004-1362
all versions
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin