cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-28883,https://securityvulnerability.io/vulnerability/CVE-2024-28883,F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection,"A vulnerability in the F5 BIG-IP APM browser network access VPN client affects systems running on Windows, macOS, and Linux. This origin validation flaw may enable attackers to circumvent the endpoint inspection mechanisms, presenting a risk to the integrity of network security protocols. Implementing the appropriate software updates and measures is crucial for protecting affected systems, especially as software versions that have reached End of Technical Support are not evaluated for this vulnerability.",F5,"Big-ip Edge Client,Big-ip",7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:24.931Z,0
CVE-2023-43611,https://securityvulnerability.io/vulnerability/CVE-2023-43611,BIG-IP Edge Client for macOS vulnerability,The F5 BIG-IP Edge Client Installer on macOS has a vulnerability that enables unauthorized privilege elevation during installation. This issue stems from an incomplete resolution of a prior vulnerability and emphasizes the importance of adhering to best practices in software installation processes. Users should ensure they are not operating outdated versions that have reached End of Technical Support (EoTS) to avoid exposure to this risk.,F5,Big-ip Edge Client,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-5450,https://securityvulnerability.io/vulnerability/CVE-2023-5450,BIG-IP Edge Client for macOS vulnerability,"A vulnerability has been identified in the BIG-IP Edge Client Installer on macOS, characterized by inadequate verification of user data. This flaw could potentially enable an attacker to gain elevated privileges during the installation process, leading to unauthorized access or control over the system. It is important to note that software versions which have reached End of Technical Support (EoTS) do not fall under evaluation for this vulnerability.",F5,Big-ip Edge Client,7.3,HIGH,0.000539999979082495,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-43125,https://securityvulnerability.io/vulnerability/CVE-2023-43125,BIG-IP APM Clients TunnelCrack vulnerability,"BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Edge Client,F5 Access",6.8,MEDIUM,0.0013500000350177288,false,false,false,false,,false,false,2023-09-27T16:21:00.000Z,0
CVE-2023-43124,https://securityvulnerability.io/vulnerability/CVE-2023-43124,BIG-IP APM Clients TunnelCrack vulnerability,"BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Edge Client,F5 Access",5.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-09-27T16:21:00.000Z,0
CVE-2023-36858,https://securityvulnerability.io/vulnerability/CVE-2023-36858,BIG-IP Edge Client for Windows and macOS vulnerability,A vulnerability in the F5 BIG-IP Edge Client for both Windows and macOS allows attackers to potentially alter the configured server list due to insufficient data verification. This flaw may enable unauthorized modifications that could compromise the intended functionality and security posture of the client application. Note that versions of the software that have reached End of Technical Support (EoTS) are not eligible for evaluation.,F5,Big-ip Edge Client,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-08-02T16:15:00.000Z,0
CVE-2023-38418,https://securityvulnerability.io/vulnerability/CVE-2023-38418,BIG-IP Edge Client for macOS vulnerability,"The BIG-IP Edge Client Installer for macOS has been identified as having a vulnerability that allows for improper privilege escalation. This issue arises because the installer does not adhere to recommended practices for elevating privileges during the installation process. As a result, unauthorized users may potentially exploit this flaw to gain elevated access rights. It's important to note that software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Big-ip Edge Client,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-08-02T16:15:00.000Z,0
CVE-2023-24461,https://securityvulnerability.io/vulnerability/CVE-2023-24461,BIG-IP Edge Client for Windows and macOS vulnerability,"An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,BIG-IP Edge Client,5.9,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-05-03T15:15:00.000Z,0
CVE-2023-22372,https://securityvulnerability.io/vulnerability/CVE-2023-22372,BIG-IP Edge Client for Windows and Mac OS vulnerability,"In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,BIG-IP Edge Client,5.9,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-03T15:15:00.000Z,0
CVE-2022-23032,https://securityvulnerability.io/vulnerability/CVE-2022-23032,,"In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Edge Client For Mac And Windows,5.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2022-01-25T19:11:34.000Z,0
CVE-2021-23002,https://securityvulnerability.io/vulnerability/CVE-2021-23002,,"When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Apm And Edge Client,4.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-03-31T17:32:20.000Z,0
CVE-2020-5892,https://securityvulnerability.io/vulnerability/CVE-2020-5892,,"In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.",F5,Big-ip Edge Client,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-04-30T21:03:08.000Z,0
CVE-2020-5893,https://securityvulnerability.io/vulnerability/CVE-2020-5893,,"In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.",F5,Big-ip Edge Client,3.7,LOW,0.0008399999933317304,false,false,false,false,,false,false,2020-04-30T21:00:49.000Z,0
CVE-2019-6668,https://securityvulnerability.io/vulnerability/CVE-2019-6668,,"The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root.",F5,Big-ip Apm Edge Client,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-11-27T21:47:22.000Z,0
CVE-2019-6656,https://securityvulnerability.io/vulnerability/CVE-2019-6656,,"BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14.1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.",F5,Big-ip Apm Edge Client,7.5,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2019-09-25T19:03:32.000Z,0
CVE-2018-15332,https://securityvulnerability.io/vulnerability/CVE-2018-15332,,The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.,F5,"Big-ip (apm), Big-ip Apm Clients, Big-ip Edge Client",7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2018-12-06T14:00:00.000Z,0
CVE-2018-15316,https://securityvulnerability.io/vulnerability/CVE-2018-15316,,"In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.",F5,"Big-ip (apm),Big-ip Apm Clients,Big-ip Edge Client",5.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2018-10-19T13:29:00.000Z,0