Vulnerabilities > F5 > BIG IP Access Policy Manager Client > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-27636 Information Exposure Through Log Files vulnerability in F5 products
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system.
local
low complexity
f5 CWE-532
5.5
2022-01-25 CVE-2022-23032 Origin Validation Error vulnerability in F5 Big-Ip Access Policy Manager
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack.
network
low complexity
f5 CWE-346
5.3
2020-05-12 CVE-2020-5898 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland.
local
low complexity
f5
5.5
2020-04-30 CVE-2020-5892 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
local
low complexity
f5
6.7
2020-02-06 CVE-2020-5855 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
low complexity
f5
4.3
2018-10-19 CVE-2018-15316 Unspecified vulnerability in F5 products
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
local
low complexity
f5
5.5