Published write-ups for a few vulnerabilities I discovered and responsibly disclosed last year. One vulnerability took three fixes to finally resolve the issue. As a best practice, I always re-check the vulnerability after a patch is available because the fix may not properly resolve the issue or a new vulnerability is introduced. Kudos to the F5 Security Incident Response Team (SIRT). I will be posting additional detailed write-ups in the near future.
CVE-2018-15332 , CVE-2018-5529 , and CVE-2018-5546 – F5 BIG-IP APM client for Linux and macOS arbitrary file takeover vulnerability.
CVE-2019-6617 – F5 BIG-IP Resource Administrator Privilege Escalation.