Vulnerabilities > F5 > BIG IP Access Policy Manager Client > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-43124 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
low complexity
f5
7.1
2023-09-27 CVE-2023-43125 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5
8.2
2022-05-05 CVE-2022-28714 Unspecified vulnerability in F5 products
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.
local
low complexity
f5
7.8
2021-06-10 CVE-2021-23022 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-732
7.8
2020-05-12 CVE-2020-5897 Use After Free vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
network
low complexity
f5 CWE-416
8.8
2020-05-12 CVE-2020-5896 Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-276
7.8
2019-09-25 CVE-2019-6656 Information Exposure Through Log Files vulnerability in F5 products
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files.
network
low complexity
f5 CWE-532
7.5
2018-12-06 CVE-2018-15332 Race Condition vulnerability in F5 Big-Ip Access Policy Manager
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.
local
high complexity
f5 CWE-362
7.0
2018-08-17 CVE-2018-5547 Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access.
local
low complexity
f5 CWE-862
7.8
2018-08-17 CVE-2018-5546 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host.
local
low complexity
f5 CWE-732
7.8