Vulmon
access-policy vulnerabilities and exploits
5.3
CVSSv3
CVE-2017-0302
In F5 BIG-IP APM 12.0.0 up to and including 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 13.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
NA
CVE-2013-5976
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 up to and including 10.2.4 and 11.1.0 up to and including 11.3.0 allows remote malicious users to inject arbitrary web script or HTML via the LastMRH_Session cookie.
F5 Big-ip Access Policy Manager 10.2.4
F5 Big-ip Access Policy Manager 11.0.0
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 10.1.0
F5 Big-ip Access Policy Manager 11.3.0
7.1
CVSSv3
CVE-2023-43124
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
8.2
CVSSv3
CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
6.1
CVSSv3
CVE-2016-9257
In F5 BIG-IP APM 12.0.0 up to and including 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing t...
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
5.9
CVSSv3
CVE-2016-3686
The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x prior to 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 up to and including 11.3.0 might allow remote malicious users to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.
F5 Big-ip Edge Gateway 11.2.0
F5 Big-ip Edge Gateway 11.3.0
F5 Big-ip Edge Gateway 11.2.1
F5 Big-ip Edge Gateway 11.0.0
F5 Big-ip Edge Gateway 11.1.0
F5 Big-ip Access Policy Manager 11.0.0
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 11.5.2
F5 Big-ip Access Policy Manager 11.5.0
F5 Big-ip Access Policy Manager 11.5.1
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 11.5.3
F5 Big-ip Access Policy Manager 11.4.0
F5 Big-ip Access Policy Manager 11.5.4
F5 Big-ip Access Policy Manager 11.3.0
F5 Big-ip Access Policy Manager 11.2.0
F5 Big-ip Access Policy Manager 11.6.0
F5 Big-ip Access Policy Manager 11.4.1
7
CVSSv3
CVE-2018-15332
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
F5 Big-ip Access Policy Manager Client
NA
CVE-2013-5975
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 up to and including 11.2.1 allows remote malicious users to conduct clickjacking attacks via unspecified vectors.
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 11.2.0
4.5
CVSSv3
CVE-2021-23002
When using BIG-IP APM 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x prior to 7.2.1.1, 7.1.9.x prior to 7.1.9.8, or 7.1.8.x prior to 7.1.8.5, the session ID is...
F5 Big-ip Access Policy Manager
F5 Access Policy Manager Clients
7.8
CVSSv3
CVE-2021-22980
In Edge Client version 7.2.x prior to 7.2.1.1, 7.1.9.x prior to 7.1.9.8, and 7.1.x-7.1.8.x prior to 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow a malicious user to load a malicious DLL library fro...
F5 Big-ip Access Policy Manager
F5 Access Policy Manager Clients