Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2017-0302
In F5 BIG-IP APM 12.0.0 up to and including 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 13.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.2
7.1
CVSSv3
CVE-2023-43124
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
8.2
CVSSv3
CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
6.1
CVSSv3
CVE-2016-9257
In F5 BIG-IP APM 12.0.0 up to and including 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing t...
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 12.1.1
NA
CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow malicious users to obtain sensitive information from process memory via unspecified vectors.
F5 Big-ip Edge Gateway 10.1.0
F5 Big-ip Edge Gateway 10.2.4
F5 Big-ip Access Policy Manager 11.0.0
F5 Firepass 6.0.0
F5 Firepass 6.1.0
F5 Big-ip Access Policy Manager 11.2.0
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 10.2.4
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 11.3.0
F5 Big-ip Access Policy Manager 10.1.0
F5 Big-ip Edge Gateway 11.0.0
F5 Big-ip Edge Gateway 11.5.0
F5 Firepass 7.0.0
NA
CVE-2013-5975
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 up to and including 11.2.1 allows remote malicious users to conduct clickjacking attacks via unspecified vectors.
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 11.2.0
6.7
CVSSv3
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow malicious users to obtain the full session ID from process memory.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Gateway
5.5
CVSSv3
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Client
7.8
CVSSv3
CVE-2018-5547
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the c...
F5 Big-ip Access Policy Manager Client 7.1.7
F5 Big-ip Access Policy Manager Client 7.1.6
F5 Big-ip Access Policy Manager Client 7.1.6.1
7.8
CVSSv3
CVE-2021-23022
On version 7.2.1.x prior to 7.2.1.3 and 7.1.x prior to 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »