Vulnerabilities > F5 > BIG IP Access Policy Manager Client

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-43124 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
low complexity
f5
7.1
2023-09-27 CVE-2023-43125 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5
8.2
2022-05-05 CVE-2022-27636 Information Exposure Through Log Files vulnerability in F5 products
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system.
local
low complexity
f5 CWE-532
5.5
2022-05-05 CVE-2022-28714 Unspecified vulnerability in F5 products
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.
local
low complexity
f5
7.8
2022-01-25 CVE-2022-23032 Origin Validation Error vulnerability in F5 Big-Ip Access Policy Manager
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack.
network
low complexity
f5 CWE-346
5.3
2021-06-10 CVE-2021-23022 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-732
7.8
2020-05-12 CVE-2020-5898 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland.
local
low complexity
f5
5.5
2020-05-12 CVE-2020-5897 Use After Free vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
network
low complexity
f5 CWE-416
8.8
2020-05-12 CVE-2020-5896 Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-276
7.8
2020-04-30 CVE-2020-5892 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
local
low complexity
f5
6.7