Vulnerability Description
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | 11.6.1 |
| F5 | Big-Ip Access Policy Manager Client | >= 7.1.6, <= 7.2.1 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://support.f5.com/csp/article/K57110035Vendor Advisory
- https://support.f5.com/csp/article/K57110035Vendor Advisory
FAQ
What is CVE-2022-27636?
CVE-2022-27636 is a vulnerability with a CVSS score of 5.5 (MEDIUM). On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as wel...
How severe is CVE-2022-27636?
CVE-2022-27636 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27636?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Access Policy Manager Client, Microsoft Windows.