CVE-2018-15316

4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 64.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Access Policy Manager Client F5 Big-ip Edge Client +3 more

Timeline

PublishedOct 19

Latest updateMay 13

Description

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDf5/big-ip_edge_client7101 — 7160

▶CVEListV5f5_networks,_inc./big-ip_edge_client7101 - 7160

▶NVDf5/big-ip_access_policy_manager_client7.1.5 — 7.1.6

▶CVEListV5f5_networks,_inc./big-ip_apm_clients7.1.5 - 7.1.6

▶NVDf5/big-ip_access_policy_manager13.0.0 — 13.1.1.1

🔴Vulnerability Details

GHSA

GHSA-fffv-hxw2-2jhf: In F5 BIG-IP APM 13↗2022-05-13

▶

CVEList

CVE-2018-15316: In F5 BIG-IP APM 13↗2018-10-19

▶

📋Vendor Advisories

CVE-2018-15316: In F5 BIG-IP APM 13↗2018-10-19

▶