cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27636,https://securityvulnerability.io/vulnerability/CVE-2022-27636,Session Information Exposure Vulnerability in F5 BIG-IP APM,"An issue in F5 BIG-IP APM allows for the logging of sensitive session-related information when the VPN is initiated on a Windows system. This vulnerability affects various versions of the BIG-IP APM, where exposed logs could potentially be accessed by unauthorized individuals, leading to possible exploitation of internal user data. It is crucial for organizations using these affected versions to evaluate their systems and take necessary precautions to mitigate this risk.",F5,"Big-ip Apm,Big-ip Apm Clients",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29263,https://securityvulnerability.io/vulnerability/CVE-2022-29263,Improper File Handling in F5 BIG-IP Access Management Products,"The vulnerability in F5 BIG-IP APM arises from the Edge Client Component Installer Service's failure to apply best practices when managing temporary files. This flaw can potentially allow unauthorized access or manipulation of sensitive data, compromising the integrity of the system. Users are advised to review their configurations and apply necessary patches to ensure their systems remain secure.",F5,"Big-ip Apm,Big-ip Apm Clients",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-28714,https://securityvulnerability.io/vulnerability/CVE-2022-28714,DLL Hijacking Vulnerability in F5 BIG-IP APM Products,"A DLL hijacking vulnerability was discovered in the F5 BIG-IP APM Windows Installer affecting multiple versions of the BIG-IP APM products and clients. This vulnerability enables potential attackers to exploit the installer, leading to unauthorized code execution. Users of affected products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",F5,"Big-ip Apm,Big-ip Apm Clients",7.3,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2021-23002,https://securityvulnerability.io/vulnerability/CVE-2021-23002,Session ID Exposure in BIG-IP APM and Edge Client by F5 Networks,"The F5 BIG-IP APM and Edge Client expose session IDs in the command arguments when launching the VPN from a web browser on Windows systems. This vulnerability affects several versions of both the BIG-IP APM and Edge Client, necessitating coordinated updates for both client and server to mitigate the risks associated with potential interception of session identifiers.",F5,Big-ip Apm And Edge Client,4.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-31T17:32:20.000Z,0
CVE-2019-6668,https://securityvulnerability.io/vulnerability/CVE-2019-6668,File Access Vulnerability in BIG-IP APM Edge Client for macOS by F5 Networks,"A vulnerability in the BIG-IP APM Edge Client for macOS allows unprivileged users to gain access to files that should be protected and only accessible by the root user. This issue is present in several versions of the client, making it a significant concern for users who rely on effective access controls to safeguard sensitive information. Proper mitigation steps should be taken to ensure system integrity and protect against unauthorized file access.",F5,Big-ip Apm Edge Client,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-11-27T21:47:22.000Z,0
CVE-2019-6656,https://securityvulnerability.io/vulnerability/CVE-2019-6656,Logging Vulnerability in BIG-IP APM Edge Client Affects F5 Networks,"The F5 Networks BIG-IP APM Edge Client versions prior to 7.1.8 expose sensitive information by logging full application session IDs in log files. This practice can lead to potential unauthorized access as the session IDs may reveal user session data. It is crucial for users of affected BIG-IP APM versions, including 15.0.0-15.0.1, 14.1.0-14.1.0.6, and others, to upgrade to the fixed version. Starting with BIG-IP APM version 13.1.0, the APM Client components can be updated independently from the BIG-IP software, enabling better security management.",F5,Big-ip Apm Edge Client,7.5,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-09-25T19:03:32.000Z,0
CVE-2018-15332,https://securityvulnerability.io/vulnerability/CVE-2018-15332,,The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.,F5,"Big-ip (apm), Big-ip Apm Clients, Big-ip Edge Client",7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-12-06T14:00:00.000Z,0
CVE-2018-15316,https://securityvulnerability.io/vulnerability/CVE-2018-15316,,"In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.",F5,"Big-ip (apm),Big-ip Apm Clients,Big-ip Edge Client",5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2018-10-19T13:29:00.000Z,0
CVE-2018-5546,https://securityvulnerability.io/vulnerability/CVE-2018-5546,,"The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.",F5,"Big-ip Apm Client For Linux,Big-ip Apm Client For Mac OS",7.8,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2018-08-17T12:29:00.000Z,0
CVE-2018-5547,https://securityvulnerability.io/vulnerability/CVE-2018-5547,,"Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges",F5,Big-ip Apm Client For Windows,7.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2018-08-17T12:29:00.000Z,0
CVE-2018-5529,https://securityvulnerability.io/vulnerability/CVE-2018-5529,,"The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.",F5,Big-ip Apm Client For Linux And Mac Osx,7.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2018-07-12T00:00:00.000Z,0