CVE-2022-28714

EPSS 0.57%
Published 05.05.2022 17:15:14
Last modified 21.11.2024 06:57:47
Source f5sirt@f5.com
Teams watchlist Login
Open Login

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Access Policy Manager Version11.6.1

F5 ≫ Big-ip Access Policy Manager Version11.6.2

F5 ≫ Big-ip Access Policy Manager Version11.6.3

F5 ≫ Big-ip Access Policy Manager Version11.6.4

F5 ≫ Big-ip Access Policy Manager Version11.6.5

F5 ≫ Big-ip Access Policy Manager Version12.1.0

F5 ≫ Big-ip Access Policy Manager Version12.1.1

F5 ≫ Big-ip Access Policy Manager Version12.1.2

F5 ≫ Big-ip Access Policy Manager Version12.1.3

F5 ≫ Big-ip Access Policy Manager Version12.1.4

F5 ≫ Big-ip Access Policy Manager Version12.1.5

F5 ≫ Big-ip Access Policy Manager Version12.1.6

F5 ≫ Big-ip Access Policy Manager Version13.1.0

F5 ≫ Big-ip Access Policy Manager Version13.1.1

F5 ≫ Big-ip Access Policy Manager Version13.1.3

F5 ≫ Big-ip Access Policy Manager Version13.1.4

F5 ≫ Big-ip Access Policy Manager Version13.1.5

F5 ≫ Big-ip Access Policy Manager Version14.1.0

F5 ≫ Big-ip Access Policy Manager Version14.1.2

F5 ≫ Big-ip Access Policy Manager Version14.1.3

F5 ≫ Big-ip Access Policy Manager Version14.1.4

F5 ≫ Big-ip Access Policy Manager Version15.1.0

F5 ≫ Big-ip Access Policy Manager Version15.1.1

F5 ≫ Big-ip Access Policy Manager Version15.1.2

F5 ≫ Big-ip Access Policy Manager Version15.1.3

F5 ≫ Big-ip Access Policy Manager Version15.1.4

F5 ≫ Big-ip Access Policy Manager Version15.1.5

F5 ≫ Big-ip Access Policy Manager Version16.1.0

F5 ≫ Big-ip Access Policy Manager Version16.1.1

F5 ≫ Big-ip Access Policy Manager Version16.1.2

F5 ≫ Big-ip Access Policy Manager Version17.0.0

F5 ≫ Big-ip Access Policy Manager Client Version7.1.5

F5 ≫ Big-ip Access Policy Manager Client Version7.1.6

F5 ≫ Big-ip Access Policy Manager Client Version7.1.6.1

F5 ≫ Big-ip Access Policy Manager Client Version7.1.7

F5 ≫ Big-ip Access Policy Manager Client Version7.1.8

F5 ≫ Big-ip Access Policy Manager Client Version7.1.8.2

F5 ≫ Big-ip Access Policy Manager Client Version7.1.9

F5 ≫ Big-ip Access Policy Manager Client Version7.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.675

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
f5sirt@f5.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://support.f5.com/csp/article/K54460845

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-28714

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-28714

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-28714

EUVD