CVE-2026-20730

>= 7.2.5 and < 7.2.6.2

A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensiti

3.3LOW

CVE-2025-48500

all versions

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated

7.3HIGH

CVE-2024-28883

>= 7.2.3 and < 7.2.4.4

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux whic

7.4HIGH

CVE-2023-43125

>= 7.2.3 and <= 7.2.4

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Su

6.8MEDIUM

CVE-2023-43124

>= 7.2.3 and <= 7.2.4

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical S

5.3MEDIUM

CVE-2022-28714

all versions

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x v

7.3HIGH

CVE-2022-27636

>= 7.1.6 and <= 7.2.1

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x v

5.5MEDIUM

CVE-2022-23032

>= 7.1.6 and <= 7.1.9

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecti

5.3MEDIUM

CVE-2021-23022

>= 7.1.6 and <= 7.1.9.9

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary

7.8HIGH

CVE-2020-5898

>= 7.1.5 and <= 7.1.9

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A l

5.5MEDIUM

CVE-2020-5897

>= 7.1.5 and <= 7.1.9

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

8.8HIGH

CVE-2020-5896

>= 7.1.5 and <= 7.1.9

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permission

7.8HIGH

CVE-2020-5892

>= 7.1.5 and <= 7.1.8

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obt

6.7MEDIUM

CVE-2020-5893

>= 7.1.5 and < 7.1.9

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client respo

3.7LOW

CVE-2020-5855

>= 7.1.5 and <= 7.1.8

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users wh

4.3MEDIUM

CVE-2019-6656

>= 7.1.5 and <= 7.1.8

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions

7.5HIGH

CVE-2018-15332

>= 7.1.5 and <= 7.1.7

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can a

7.0HIGH

CVE-2018-15316

>= 7.1.5 and <= 7.1.6

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads

5.5MEDIUM

CVE-2018-5547

all versions

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode w

7.8HIGH

CVE-2018-5546

>= 7.1.5 and <= 7.1.7

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged

7.8HIGH