CVE-2021-23002

Name of the Vulnerable Software and Affected Versions BIG-IP APM versions 16.0.x through 16.0.1.0 BIG-IP APM versions 15.1.x through 15.1.2.0 BIG-IP APM versions 14.1.x through 14.1.3 BIG-IP APM versions 13.1.x through 13.1.3.5 BIG-IP APM versions 12.1.x and earlier BIG-IP APM versions 11.6.x and earlier Edge Client versions 7.2.1.x through 7.2.1.0 Edge Client versions 7.1.9.x through 7.1.9.7 Edge Client versions 7.1.8.x through 7.1.8.4

Description The session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. This issue requires both client and server fixes to address.

Recommendations For BIG-IP APM versions 16.0.x, update to version 16.0.1.1 or later. For BIG-IP APM versions 15.1.x, update to version 15.1.2.1 or later. For BIG-IP APM versions 14.1.x, update to version 14.1.4 or later. For BIG-IP APM versions 13.1.x, update to version 13.1.3.6 or later. For BIG-IP APM versions 12.1.x and 11.6.x, there is no information about a newer version that contains a fix for this issue. For Edge Client versions 7.2.1.x, update to version 7.2.1.1 or later. For Edge Client versions 7.1.9.x, update to version 7.1.9.8 or later. For Edge Client versions 7.1.8.x, update to version 7.1.8.5 or later.