On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K57110035 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Jan 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.2:*:*:*:*:*:*:* |
06 Oct 2022, 02:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microsoft windows
Microsoft |
|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
13 May 2022, 15:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://support.f5.com/csp/article/K57110035 - Vendor Advisory | |
CPE | cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.4:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.6:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.3:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.5:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:* |
|
CWE | CWE-532 | |
First Time |
F5
F5 big-ip Access Policy Manager F5 big-ip Access Policy Manager Client |
05 May 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-05 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-27636
Mitre link : CVE-2022-27636
CVE.ORG link : CVE-2022-27636
JSON object : View
Products Affected
f5
- big-ip_access_policy_manager_client
- big-ip_access_policy_manager
microsoft
- windows
CWE
CWE-532
Insertion of Sensitive Information into Log File