Latest f5 big-ip access policy manager client Vulnerabilities

CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager>=14.1.5.2<=14.1.5.6
F5 Big-ip Access Policy Manager>=15.1.8<=15.1.10
F5 Big-ip Access Policy Manager>=16.1.3.3<=16.1.4
F5 Big-ip Access Policy Manager=13.1.5.1
F5 Big-ip Access Policy Manager=17.1.0
F5 Big-ip Access Policy Manager Client>=7.2.3<=7.2.4
CVE-2023-43124
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager>=14.1.5.2<=14.1.5.6
F5 Big-ip Access Policy Manager>=15.1.8<=15.1.10
F5 Big-ip Access Policy Manager>=16.1.3.3<=16.1.4
F5 Big-ip Access Policy Manager=13.1.5.1
F5 Big-ip Access Policy Manager=17.1.0
F5 Big-ip Access Policy Manager Client>=7.2.3<=7.2.4
CVE-2022-28714
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as wel...
F5 Big-ip Access Policy Manager=11.6.1
F5 Big-ip Access Policy Manager=11.6.2
F5 Big-ip Access Policy Manager=11.6.3
F5 Big-ip Access Policy Manager=11.6.4
F5 Big-ip Access Policy Manager=11.6.5
F5 Big-ip Access Policy Manager=12.1.0
and 33 more
CVE-2022-27636
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as wel...
F5 Big-ip Access Policy Manager=11.6.1
F5 Big-ip Access Policy Manager=11.6.2
F5 Big-ip Access Policy Manager=11.6.3
F5 Big-ip Access Policy Manager=11.6.4
F5 Big-ip Access Policy Manager=11.6.5
F5 Big-ip Access Policy Manager=12.1.0
and 27 more
CVE-2022-23032
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebind...
F5 Big-ip Access Policy Manager>=11.6.1<=11.6.5
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.6
F5 Big-ip Access Policy Manager>=13.1.0<=13.1.4
F5 Big-ip Access Policy Manager>=14.1.0<=14.1.4
F5 Big-ip Access Policy Manager>=15.1.0<=15.1.5
F5 Big-ip Access Policy Manager>=16.0.0<=16.1.2
and 2 more
CVE-2020-5898
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoContro...
F5 Big-ip Access Policy Manager>=11.6.1<=11.6.5.1
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5.1
F5 Big-ip Access Policy Manager>=13.1.0<=13.1.3.3
F5 Big-ip Access Policy Manager>=14.1.0<=14.1.2.5
F5 Big-ip Access Policy Manager>=15.0.0<=15.1.0.3
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.9
CVE-2020-5897
F5 Big-ip Access Policy Manager>=11.6.1<=11.6.5.1
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5.1
F5 Big-ip Access Policy Manager>=13.1.0<=13.1.3.3
F5 Big-ip Access Policy Manager>=14.1.0<=14.1.2.5
F5 Big-ip Access Policy Manager>=15.0.0<=15.1.0.3
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.9
CVE-2020-5896
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
F5 Big-ip Access Policy Manager>=11.6.1<=11.6.5.1
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5.1
F5 Big-ip Access Policy Manager>=13.1.0<=13.1.3.3
F5 Big-ip Access Policy Manager>=14.1.0<=14.1.2.5
F5 Big-ip Access Policy Manager>=15.0.0<=15.1.0.3
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.9
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
F5 Big-ip Access Policy Manager>=11.6.1<=11.6.5
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5
F5 Big-ip Access Policy Manager>=13.0.0<=13.1.3
F5 Big-ip Access Policy Manager>=14.0.0<=14.1.2
F5 Big-ip Access Policy Manager>=15.0.0<=15.1.0
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.8
and 5 more
CVE-2020-5855
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell a...
F5 Big-ip Access Policy Manager>=11.5.2<=11.6.5
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5
F5 Big-ip Access Policy Manager>=13.1.0<=13.1.3
F5 Big-ip Access Policy Manager>=14.1.0<=14.1.2
F5 Big-ip Access Policy Manager>=15.0.0<=15.1.0
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.8
and 1 more
CVE-2019-6656
F5 Big-ip Access Policy Manager>=11.5.2<=11.6.5
F5 Big-ip Access Policy Manager>=12.1.0<=12.1.5
F5 Big-ip Access Policy Manager>=13.1.0<13.1.3
F5 Big-ip Access Policy Manager>=14.0.0<14.0.0.5
F5 Big-ip Access Policy Manager>=14.1.0<14.1.2
F5 Big-ip Access Policy Manager>=15.0.0<=15.0.1
and 1 more
CVE-2018-15332
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on t...
F5 BIG-IP Access Policy Manager>=11.5.1<=11.6.3
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.3
F5 BIG-IP Access Policy Manager>=13.0.0<=13.1.1
F5 BIG-IP Access Policy Manager=14.0.0
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.7
Apple macOS
and 1 more
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint ch...
F5 Big-ip Access Policy Manager>=13.0.0<=13.1.1.1
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.6
F5 Big-ip Edge Client>=7101<=7160
CVE-2018-5547
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature d...
F5 Big-ip Access Policy Manager Client=7.1.6
F5 Big-ip Access Policy Manager Client=7.1.6.1
F5 Big-ip Access Policy Manager Client=7.1.7
CVE-2018-5546
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files ...
F5 Big-ip Access Policy Manager Client>=7.1.5<=7.1.7
Apple macOS
Linux Linux kernel
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203