Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Big\-Ip_access_policy_manager_client
(F5)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-43124 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.1 | ||
| 2023-09-27 | CVE-2023-43125 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 8.2 | ||
| 2018-08-17 | CVE-2018-5547 | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon... | Big\-Ip_access_policy_manager_client | 7.8 | ||
| 2019-09-25 | CVE-2019-6656 | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.5 | ||
| 2018-08-17 | CVE-2018-5546 | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.8 | ||
| 2018-12-06 | CVE-2018-15332 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client | 7.0 | ||
| 2018-10-19 | CVE-2018-15316 | In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. | Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client, Big\-Ip_edge_client | 5.5 |