Vulnerabilities > F5 > Access Policy Manager Clients

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-36858 Insufficient Verification of Data Authenticity vulnerability in F5 products
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-345
5.5
5.5
2023-08-02 CVE-2023-38418 Improper Verification of Cryptographic Signature vulnerability in F5 Big-Ip Access Policy Manager
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-347
7.8
7.8
2022-05-05 CVE-2022-29263 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files.
local
low complexity
f5 CWE-732
4.6
4.6
2021-03-31 CVE-2021-23002 Unspecified vulnerability in F5 products
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system.
low complexity
f5
2.7
2.7
2021-02-12 CVE-2021-22980 Untrusted Search Path vulnerability in F5 products
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory.
local
f5 CWE-426
6.9
6.9