Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
access-policy vulnerabilities and exploits
(subscribe to this query)
7.7
CVSSv3
CVE-2022-31473
In BIG-IP Versions 16.1.x prior to 16.1.1 and 15.1.x prior to 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit c...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 16.1.0
8.6
CVSSv3
CVE-2019-6610
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
7.8
CVSSv3
CVE-2020-5896
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
7.5
CVSSv3
CVE-2017-6129
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or caus...
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 13.0.0
5.9
CVSSv3
CVE-2017-6139
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 13.0.0
NA
CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow malicious users to obtain sensitive information from process memory via unspecified vectors.
F5 Big-ip Edge Gateway 10.1.0
F5 Big-ip Edge Gateway 10.2.4
F5 Big-ip Access Policy Manager 11.0.0
F5 Firepass 6.0.0
F5 Firepass 6.1.0
F5 Big-ip Access Policy Manager 11.2.0
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 10.2.4
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 11.3.0
F5 Big-ip Access Policy Manager 10.1.0
F5 Big-ip Edge Gateway 11.0.0
F5 Big-ip Edge Gateway 11.5.0
F5 Firepass 7.0.0
6.7
CVSSv3
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow malicious users to obtain the full session ID from process memory.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Gateway
5.5
CVSSv3
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Client
7.5
CVSSv3
CVE-2018-5544
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2018-5548
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
F5 Big-ip Access Policy Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »