Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-28714 |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Published: May 05, 2022; 1:15:14 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2020-5898 |
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. Published: May 12, 2020; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-5897 |
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. Published: May 12, 2020; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-5896 |
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. Published: May 12, 2020; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-5892 |
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. Published: April 30, 2020; 6:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-5893 |
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. Published: April 30, 2020; 5:15:17 PM -0400 |
V4.0:(not available) V3.1: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2020-5855 |
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. Published: February 06, 2020; 11:15:12 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2019-6656 |
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. Published: September 25, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-15332 |
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. Published: December 06, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2018-15316 |
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. Published: October 19, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-5546 |
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. Published: August 17, 2018; 8:29:00 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |