F5 Big-ip Access Policy Manager Client — known CVE vulnerabilities
Every CVE whose affected-product data names F5 Big-ip Access Policy Manager Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-5897 — CVSS 8.8 (high): In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
CVE-2020-5896 — CVSS 7.8 (high): On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
CVE-2018-5546 — CVSS 7.8 (high): The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process…
CVE-2018-5547 — CVSS 7.8 (high): Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses…
CVE-2021-23022 — CVSS 7.8 (high): On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder…
CVE-2019-6656 — CVSS 7.5 (high): BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the…
CVE-2024-28883 — CVSS 7.4 (high): An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an…
CVE-2025-48500 — CVSS 7.3 (high): A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker…
CVE-2022-28714 — CVSS 7.3 (high): On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions…
CVE-2018-15332 — CVSS 7.0 (high): The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an…
CVE-2023-43125 — CVSS 6.8 (medium): BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support…
CVE-2020-5892 — CVSS 6.7 (medium): In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the…
CVE-2020-5898 — CVSS 5.5 (medium): In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user…
CVE-2022-27636 — CVSS 5.5 (medium): On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions…
CVE-2023-43124 — CVSS 5.3 (medium): BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support…
CVE-2022-23032 — CVSS 5.3 (medium): In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP…
CVE-2020-5855 — CVSS 4.3 (medium): When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have…
CVE-2020-5893 — CVSS 3.7 (low): In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to…
CVE-2026-20730 — CVSS 3.3 (low): A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive…