CVE-2021-22980
published 2021-02-12CVE-2021-22980: In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | access_policy_manager_clients | — | — |
| f5 | access_policy_manager_clients | >= 7.1.5 < 7.1.8.5 | 7.1.8.5 |
| f5 | access_policy_manager_clients | >= 7.1.9 < 7.1.9.8 | 7.1.9.8 |
| f5 | access_policy_manager_clients | >= 7.2.1 < 7.2.1.1 | 7.2.1.1 |
| f5 | big-ip_access_policy_manager | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_access_policy_manager | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_access_policy_manager | >= 13.1.0 < 13.1.3.6 | 13.1.3.6 |
| f5 | big-ip_access_policy_manager | 14.1.0 – 14.1.3 | — |
| f5 | big-ip_access_policy_manager | 15.1.0 – 15.1.2 | — |
| f5 | big-ip_access_policy_manager | >= 16.0.0 < 16.0.1.1 | 16.0.1.1 |
| f5 | big-ip_apm | — | — |