Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Big\-Ip_access_policy_manager_client
(F5)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-25 | CVE-2022-23032 | In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 5.3 | ||
| 2018-12-06 | CVE-2018-15332 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.0 | ||
| 2020-02-06 | CVE-2020-5855 | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 4.3 | ||
| 2020-04-30 | CVE-2020-5893 | In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 3.7 | ||
| 2020-04-30 | CVE-2020-5892 | In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client, Big\-Ip_edge_gateway | 6.7 | ||
| 2021-06-10 | CVE-2021-23022 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.8 | ||
| 2020-05-12 | CVE-2020-5898 | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | N/A | ||
| 2020-05-12 | CVE-2020-5897 | In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | N/A | ||
| 2020-05-12 | CVE-2020-5896 | On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | N/A | ||
| 2018-10-19 | CVE-2018-15316 | In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client, Big\-Ip_edge_client | 5.5 |