CVE-2019-6649

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 15.0.0, 14.1.0 through 14.1.0.6, 14.0.0 through 14.0.0.5, 13.0.0 through 13.1.1.5, 12.1.0 through 12.1.4.1, 11.6.0 through 11.6.4, 11.5.1 through 11.5.9 Enterprise Manager version 3.1.1

Description The issue may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

Recommendations For F5 BIG-IP versions 15.0.0, 14.1.0 through 14.1.0.6, 14.0.0 through 14.0.0.5, 13.0.0 through 13.1.1.5, 12.1.0 through 12.1.4.1, 11.6.0 through 11.6.4, 11.5.1 through 11.5.9, consider changing the ConfigSync settings to default to prevent sensitive information exposure and system configuration modification. For Enterprise Manager version 3.1.1, consider changing the ConfigSync settings to default to prevent sensitive information exposure and system configuration modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.