Vulnerabilities > F5 > BIG IP Access Policy Manager > 7.2.4

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-43611 Improper Verification of Cryptographic Signature vulnerability in F5 products
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
local
low complexity
f5 CWE-347
7.8
7.8
2023-10-10 CVE-2023-5450 Insufficient Verification of Data Authenticity vulnerability in F5 Big-Ip Access Policy Manager
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-345
7.8
7.8
2023-05-03 CVE-2023-22372 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in F5 Big-Ip Access Policy Manager
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
high complexity
f5 CWE-924
5.9
5.9
2023-05-03 CVE-2023-24461 Improper Certificate Validation vulnerability in F5 Big-Ip Access Policy Manager
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
high complexity
f5 CWE-295
5.9
5.9