Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-5536
A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
8.6
CVSSv3
CVE-2019-6610
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
3.7
CVSSv3
CVE-2020-5893
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
7.8
CVSSv3
CVE-2020-5896
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
8.8
CVSSv3
CVE-2020-5897
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
5.5
CVSSv3
CVE-2020-5898
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
7.5
CVSSv3
CVE-2019-6656
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
7.5
CVSSv3
CVE-2019-6596
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
7.5
CVSSv3
CVE-2018-5549
On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 13.0.0
5.3
CVSSv3
CVE-2018-5528
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 13.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »