Vulnerabilities > F5 > BIG IP Access Policy Manager Client > 7.1.7

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-6656 Information Exposure Through Log Files vulnerability in F5 products
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files.
network
low complexity
f5 CWE-532
7.5
7.5
2018-12-06 CVE-2018-15332 Race Condition vulnerability in F5 Big-Ip Access Policy Manager
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.
local
high complexity
f5 CWE-362
7.0
7.0
2018-08-17 CVE-2018-5547 Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access.
local
low complexity
f5 CWE-862
7.8
7.8
2018-08-17 CVE-2018-5546 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host.
local
low complexity
f5 CWE-732
7.8
7.8