Session Information Exposure Vulnerability in F5 BIG-IP APM
CVE-2022-27636

5.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Apm; Big-ip Apm Clients
Vendor: CVE Published:; 5 May 2022

Summary

An issue in F5 BIG-IP APM allows for the logging of sensitive session-related information when the VPN is initiated on a Windows system. This vulnerability affects various versions of the BIG-IP APM, where exposed logs could potentially be accessed by unauthorized individuals, leading to possible exploitation of internal user data. It is crucial for organizations using these affected versions to evaluate their systems and take necessary precautions to mitigate this risk.

Affected Version(s)

BIG-IP APM 12.1.x

BIG-IP APM 11.6.x

BIG-IP APM 16.1.x < 16.1.2.2

References

https://support.f5.com/csp/article/K57110035

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Apr 19, 2022