cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-28883,https://securityvulnerability.io/vulnerability/CVE-2024-28883,F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection,"A vulnerability in the F5 BIG-IP APM browser network access VPN client affects systems running on Windows, macOS, and Linux. This origin validation flaw may enable attackers to circumvent the endpoint inspection mechanisms, presenting a risk to the integrity of network security protocols. Implementing the appropriate software updates and measures is crucial for protecting affected systems, especially as software versions that have reached End of Technical Support are not evaluated for this vulnerability.",F5,"Big-ip Edge Client,Big-ip",7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-08T15:01:24.931Z,0
CVE-2023-5450,https://securityvulnerability.io/vulnerability/CVE-2023-5450,BIG-IP Edge Client for macOS vulnerability,"A vulnerability has been identified in the BIG-IP Edge Client Installer on macOS, characterized by inadequate verification of user data. This flaw could potentially enable an attacker to gain elevated privileges during the installation process, leading to unauthorized access or control over the system. It is important to note that software versions which have reached End of Technical Support (EoTS) do not fall under evaluation for this vulnerability.",F5,Big-ip Edge Client,7.3,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-43611,https://securityvulnerability.io/vulnerability/CVE-2023-43611,BIG-IP Edge Client for macOS vulnerability,The F5 BIG-IP Edge Client Installer on macOS has a vulnerability that enables unauthorized privilege elevation during installation. This issue stems from an incomplete resolution of a prior vulnerability and emphasizes the importance of adhering to best practices in software installation processes. Users should ensure they are not operating outdated versions that have reached End of Technical Support (EoTS) to avoid exposure to this risk.,F5,Big-ip Edge Client,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-43125,https://securityvulnerability.io/vulnerability/CVE-2023-43125,BIG-IP APM Clients TunnelCrack vulnerability,"BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Edge Client,F5 Access",6.8,MEDIUM,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-09-27T16:21:00.000Z,0
CVE-2023-43124,https://securityvulnerability.io/vulnerability/CVE-2023-43124,BIG-IP APM Clients TunnelCrack vulnerability,"BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Edge Client,F5 Access",5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-09-27T16:21:00.000Z,0
CVE-2023-36858,https://securityvulnerability.io/vulnerability/CVE-2023-36858,BIG-IP Edge Client for Windows and macOS vulnerability,A vulnerability in the F5 BIG-IP Edge Client for both Windows and macOS allows attackers to potentially alter the configured server list due to insufficient data verification. This flaw may enable unauthorized modifications that could compromise the intended functionality and security posture of the client application. Note that versions of the software that have reached End of Technical Support (EoTS) are not eligible for evaluation.,F5,Big-ip Edge Client,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-08-02T16:15:00.000Z,0
CVE-2023-38418,https://securityvulnerability.io/vulnerability/CVE-2023-38418,BIG-IP Edge Client for macOS vulnerability,"The BIG-IP Edge Client Installer for macOS has been identified as having a vulnerability that allows for improper privilege escalation. This issue arises because the installer does not adhere to recommended practices for elevating privileges during the installation process. As a result, unauthorized users may potentially exploit this flaw to gain elevated access rights. It's important to note that software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Big-ip Edge Client,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-08-02T16:15:00.000Z,0
CVE-2023-22372,https://securityvulnerability.io/vulnerability/CVE-2023-22372,BIG-IP Edge Client for Windows and Mac OS vulnerability,"In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Edge Client,5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-03T15:15:00.000Z,0
CVE-2023-24461,https://securityvulnerability.io/vulnerability/CVE-2023-24461,BIG-IP Edge Client for Windows and macOS vulnerability,"An improper certificate validation vulnerability has been identified in the BIG-IP Edge Client for both Windows and macOS platforms. This flaw may enable an attacker to impersonate a BIG-IP Access Policy Manager (APM) system, posing security risks to the environment. It is crucial to monitor and mitigate such vulnerabilities to prevent unauthorized access. Software versions reaching End of Technical Support (EoTS) are not part of the evaluation.",F5,Big-ip Edge Client,7.4,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-05-03T15:15:00.000Z,0
CVE-2022-23032,https://securityvulnerability.io/vulnerability/CVE-2022-23032,DNS Rebinding Vulnerability in BIG-IP APM by F5 Networks,"In all versions prior to 7.2.1.4 of the BIG-IP APM system, a configuration issue with proxy settings in the network access resource allows an attacker to exploit a DNS rebinding attack when connecting BIG-IP Edge Client on both Mac and Windows platforms. This could lead to unauthorized access to the internal network, compromising sensitive data and infrastructure security. It is crucial for organizations using affected versions to update their systems to mitigate potential risks.",F5,Big-ip Edge Client For Mac And Windows,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-25T19:11:34.000Z,0
CVE-2021-23002,https://securityvulnerability.io/vulnerability/CVE-2021-23002,Session ID Exposure in BIG-IP APM and Edge Client by F5 Networks,"The F5 BIG-IP APM and Edge Client expose session IDs in the command arguments when launching the VPN from a web browser on Windows systems. This vulnerability affects several versions of both the BIG-IP APM and Edge Client, necessitating coordinated updates for both client and server to mitigate the risks associated with potential interception of session identifiers.",F5,Big-ip Apm And Edge Client,4.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-31T17:32:20.000Z,0
CVE-2020-5892,https://securityvulnerability.io/vulnerability/CVE-2020-5892,Session ID Exposure in F5 BIG-IP Edge Client Components,"The F5 BIG-IP Edge Client components in versions 7.1.5 to 7.1.8 are susceptible to a vulnerability allowing attackers to extract the full session ID from the process memory. This issue affects the BIG-IP APM, Edge Gateway, and FirePass legacy products, posing potential risks to user sessions and sensitive information. Users are advised to update their affected products to the latest versions to mitigate this security risk.",F5,Big-ip Edge Client,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-30T21:03:08.000Z,0
CVE-2020-5893,https://securityvulnerability.io/vulnerability/CVE-2020-5893,Vulnerability in BIG-IP Edge Client for F5 Networks due to HTTP Authentication,"In certain versions of the BIG-IP Edge Client, users connecting to a VPN over an unsecure network may inadvertently expose authentication credentials. The client responds to authentication requests using HTTP rather than HTTPS, creating a significant risk of sensitive data interception. This occurs while the client is attempting to detect captive portals, thereby compromising secure communications.",F5,Big-ip Edge Client,3.7,LOW,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-04-30T21:00:49.000Z,0
CVE-2019-6668,https://securityvulnerability.io/vulnerability/CVE-2019-6668,File Access Vulnerability in BIG-IP APM Edge Client for macOS by F5 Networks,"A vulnerability in the BIG-IP APM Edge Client for macOS allows unprivileged users to gain access to files that should be protected and only accessible by the root user. This issue is present in several versions of the client, making it a significant concern for users who rely on effective access controls to safeguard sensitive information. Proper mitigation steps should be taken to ensure system integrity and protect against unauthorized file access.",F5,Big-ip Apm Edge Client,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-11-27T21:47:22.000Z,0
CVE-2019-6656,https://securityvulnerability.io/vulnerability/CVE-2019-6656,Logging Vulnerability in BIG-IP APM Edge Client Affects F5 Networks,"The F5 Networks BIG-IP APM Edge Client versions prior to 7.1.8 expose sensitive information by logging full application session IDs in log files. This practice can lead to potential unauthorized access as the session IDs may reveal user session data. It is crucial for users of affected BIG-IP APM versions, including 15.0.0-15.0.1, 14.1.0-14.1.0.6, and others, to upgrade to the fixed version. Starting with BIG-IP APM version 13.1.0, the APM Client components can be updated independently from the BIG-IP software, enabling better security management.",F5,Big-ip Apm Edge Client,7.5,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-09-25T19:03:32.000Z,0
CVE-2018-15332,https://securityvulnerability.io/vulnerability/CVE-2018-15332,,The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.,F5,"Big-ip (apm), Big-ip Apm Clients, Big-ip Edge Client",7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-12-06T14:00:00.000Z,0
CVE-2018-15316,https://securityvulnerability.io/vulnerability/CVE-2018-15316,,"In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.",F5,"Big-ip (apm),Big-ip Apm Clients,Big-ip Edge Client",5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2018-10-19T13:29:00.000Z,0