Vulnerabilities > F5 > BIG IP Access Policy Manager Client

DATE CVE VULNERABILITY TITLE RISK
2020-04-30 CVE-2020-5893 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
network
high complexity
f5 CWE-319
3.7
2020-02-06 CVE-2020-5855 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
low complexity
f5
4.3
2019-09-25 CVE-2019-6656 Information Exposure Through Log Files vulnerability in F5 products
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files.
network
low complexity
f5 CWE-532
7.5
2018-12-06 CVE-2018-15332 Race Condition vulnerability in F5 Big-Ip Access Policy Manager
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.
local
high complexity
f5 CWE-362
7.0
2018-10-19 CVE-2018-15316 Unspecified vulnerability in F5 products
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
local
low complexity
f5
5.5
2018-08-17 CVE-2018-5547 Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access.
local
low complexity
f5 CWE-862
7.8
2018-08-17 CVE-2018-5546 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host.
local
low complexity
f5 CWE-732
7.8