F5 BIG-IP APM vulnerabilities

14 known vulnerabilities affecting f5/big-ip_apm.

Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 6

Vulnerabilities

CVE-2022-31473 | HIGH | CVSS 7.7 | ≥ 15.1.x, < 15.1.4; ≥ 16.1.x, < 16.1.1 | 2022-08-04
CVE-2022-31473 [MEDIUM] CWE-22: In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions
Sources: cvelistv5, nvd
CVE-2022-33203 | HIGH | CVSS 7.5 | ≥ 14.1.x, < 14.1.5; ≥ 15.1.x, < 15.1.6.1; +1 more | 2022-08-04
CVE-2022-33203 [HIGH] CWE-400: In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Sources: cvelistv5, nvd
CVE-2022-35245 | HIGH | CVSS 7.5 | ≥ 14.1.x, < 14.1.5.1; ≥ 15.1.x, < 15.1.6.1; +1 more | 2022-08-04
CVE-2022-35245 [HIGH] CWE-476: In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Sources: cvelistv5, nvd
CVE-2022-27634 | HIGH | CVSS 7.2 | ≥ 16.1.x, < 16.1.2.2; ≥ 15.1.x, < 15.1.5.1 | 2022-05-05
CVE-2022-27634 [MEDIUM] CWE-20: On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not
Sources: cvelistv5, nvd
CVE-2022-29263 | HIGH | CVSS 7.8 | v12.1.x, v11.6.x, +4 more | 2022-05-05
CVE-2022-29263 [HIGH] CWE-732: On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temp
Sources: cvelistv5, nvd
CVE-2022-28714 | HIGH | CVSS 7.8 | v12.1.x, v11.6.x, +4 more | 2022-05-05
CVE-2022-28714 [HIGH] CWE-427: On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Softwar
Sources: cvelistv5, nvd
CVE-2022-27636 | MEDIUM | CVSS 5.5 | v12.1.x, v11.6.x, +4 more | 2022-05-05
CVE-2022-27636 [MEDIUM] CWE-532: On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on
Sources: cvelistv5, nvd
CVE-2022-27181 | MEDIUM | CVSS 5.3 | v12.1.x, v11.6.x, +4 more | 2022-05-05
CVE-2022-27181 [MEDIUM] CWE-400: On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase
Sources: cvelistv5, nvd
CVE-2022-27230 | MEDIUM | CVSS 6.1 | v16.1.x, v15.1.x, +4 more | 2022-05-05
CVE-2022-27230 [HIGH] CWE-79: On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logg
Sources: cvelistv5, nvd
CVE-2020-5853 | MEDIUM | CVSS 5.4 | v15.0.0-15.1.0, v14.0.0-14.1.2.3, +3 more | 2020-01-14
CVE-2020-5853 [MEDIUM] CWE-79: In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.
Sources: cvelistv5, nvd
CVE-2019-19150 | MEDIUM | CVSS 4.9 | v15.0.0-15.0.1.1, v14.1.0-14.1.2, +4 more | 2019-12-23
CVE-2019-19150 [MEDIUM] CWE-532: On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.
Sources: cvelistv5, nvd
CVE-2019-6609 | CRITICAL | CVSS 9.8 | v14.0.0-14.1.0.1, v13.0.0-13.1.1.3, +1 more | 2019-04-15
CVE-2019-6609 [CRITICAL] CWE-522: Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use
Sources: cvelistv5, nvd
CVE-2017-6166 | MEDIUM | CVSS 5.9 | ≥ 12.0.0, ≤ 12.1.1 | 2017-11-22
CVE-2017-6166 [MEDIUM] CWE-415: In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts
Source: nvd
CVE-2017-6168 | HIGH | CVSS 7.4 | ≥ 11.6.0, ≤ 11.6.2; ≥ 12.0.0, ≤ 12.1.2; +1 more | 2017-11-17
CVE-2017-6168 [HIGH] CWE-203: On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encry
Source: nvd