U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.8:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 11 matching records.
Displaying matches 1 through 11.
Vuln ID Summary CVSS Severity
CVE-2022-28714

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: May 05, 2022; 1:15:14 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: May 05, 2022; 1:15:13 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: January 25, 2022; 3:15:10 PM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-23022

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: June 10, 2021; 12:15:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-5898

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.

Published: May 12, 2020; 12:15:11 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-5897

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

Published: May 12, 2020; 12:15:11 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-5896

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.

Published: May 12, 2020; 12:15:11 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-5892

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

Published: April 30, 2020; 6:15:12 PM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

Published: April 30, 2020; 5:15:17 PM -0400
V4.0:(not available)
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-5855

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

Published: February 06, 2020; 11:15:12 AM -0500
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2019-6656

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.

Published: September 25, 2019; 4:15:11 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM