Vulnerabilities > F5 > BIG IP Access Policy Manager Client > 7.1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-27636 | Information Exposure Through Log Files vulnerability in F5 products On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. | 5.5 |
| 2022-05-05 | CVE-2022-28714 | Uncontrolled Search Path Element vulnerability in F5 products On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. | 4.4 |
| 2022-01-25 | CVE-2022-23032 | Origin Validation Error vulnerability in F5 Big-Ip Access Policy Manager In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. | 5.0 |
| 2021-06-10 | CVE-2021-23022 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. | 7.2 |
| 2020-05-12 | CVE-2020-5898 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. | 4.9 |
| 2020-05-12 | CVE-2020-5897 | Use After Free vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | 6.8 |
| 2020-05-12 | CVE-2020-5896 | Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | 4.6 |
| 2020-04-30 | CVE-2020-5892 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. | 4.6 |
| 2020-04-30 | CVE-2020-5893 | Information Exposure vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. | 4.3 |
| 2020-02-06 | CVE-2020-5855 | Incorrect Authorization vulnerability in F5 Big-Ip Access Policy Manager When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. | 4.6 |