F5 Big-ip_access_policy_manager_client
20 CVEs affecting F5 Big-ip_access_policy_manager_client. Latest disclosed: 2026-02-04. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-5897 | High | 8.8 | 2020-05-12 | In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. |
CVE-2021-23022 | High | 7.8 | 2021-06-10 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and fold… |
CVE-2020-5896 | High | 7.8 | 2020-05-12 | On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. |
CVE-2018-5547 | High | 7.8 | 2018-08-17 | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to… |
CVE-2018-5546 | High | 7.8 | 2018-08-17 | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unp… |
CVE-2019-6656 | High | 7.5 | 2019-09-25 | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled wi… |
CVE-2024-28883 | High | 7.4 | 2024-05-08 | An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to by… |
CVE-2025-48500 | High | 7.3 | 2025-08-13 | A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the… |
CVE-2022-28714 | High | 7.3 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and… |
CVE-2018-15332 | High | 7.0 | 2018-12-06 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to… |
CVE-2023-43125 | Medium | 6.8 | 2023-09-27 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
CVE-2020-5892 | Medium | 6.7 | 2020-04-30 | In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from… |
CVE-2022-27636 | Medium | 5.5 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and… |
CVE-2020-5898 | Medium | 5.5 | 2020-05-12 | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows clie… |
CVE-2018-15316 | Medium | 5.5 | 2018-10-19 | In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user… |
CVE-2023-43124 | Medium | 5.3 | 2023-09-27 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
CVE-2022-23032 | Medium | 5.3 | 2022-01-25 | In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac… |
CVE-2020-5855 | Medium | 4.3 | 2020-02-06 | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an… |
CVE-2020-5893 | Low | 3.7 | 2020-04-30 | In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication request… |
CVE-2026-20730 | Low | 3.3 | 2026-02-04 | A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Softwa… |