CVE-2022-28714
Summary
| CVE | CVE-2022-28714 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-05 17:15:00 UTC |
| Updated | 2022-05-12 15:29:00 UTC |
| Description | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | BIG-IP Access Policy Manager | 11.6.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 11.6.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 11.6.3 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 11.6.4 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 11.6.5 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.3 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.4 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.5 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 12.1.6 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 13.1.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 13.1.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 13.1.3 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 13.1.4 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 13.1.5 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 14.1.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 14.1.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 14.1.3 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 14.1.4 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.3 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.4 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 15.1.5 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 16.1.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 16.1.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 16.1.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager | 17.0.0 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.5 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.6 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.6.1 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.7 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.8 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.8.2 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.1.9 | All | All | All |
| Application | F5 | BIG-IP Access Policy Manager Client | 7.2.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K54460845 | MISC | support.f5.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure.
Legacy QID Mappings
- 376630 F5 BIG-IP Access Policy Manager (APM) Edge Client for Windows Vulnerability (K54460845)