Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-27729
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.
F5 Big-ip Access Policy Manager
7.5
CVSSv3
CVE-2022-35245
In BIG-IP Versions 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, and 14.1.x prior to 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions whi...
F5 Big-ip Access Policy Manager
7.5
CVSSv3
CVE-2018-5544
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2018-5548
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
F5 Big-ip Access Policy Manager
5.3
CVSSv3
CVE-2021-23016
On BIG-IP APM versions 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending spe...
F5 Big-ip Access Policy Manager
7.8
CVSSv3
CVE-2021-23023
On version 7.2.1.x prior to 7.2.1.3 and 7.1.x prior to 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2021-23054
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.4, 14.1.x prior to 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured...
F5 Big-ip Access Policy Manager
4.3
CVSSv3
CVE-2018-15310
A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.
F5 Big-ip Access Policy Manager
5.3
CVSSv3
CVE-2021-23047
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), u...
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2021-23052
On version 14.1.x prior to 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions whi...
F5 Big-ip Access Policy Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »