CVE-2022-27636: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-27636 affects F5 BIG-IP APM and BIG-IP APM Clients systems. The vulnerability was discovered in multiple versions including BIG-IP APM 16.1.x (prior to 16.1.2.2), 15.1.x (prior to 15.1.5.1), 14.1.x (prior to 14.1.4.6), 13.1.x (prior to 13.1.5), and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5. The issue was disclosed on May 5, 2022 (NVD).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File). It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access requirements with high confidentiality impact (NVD).

When exploited, this vulnerability allows the BIG-IP Edge Client to log sensitive APM session-related information when VPN is launched on a Windows system, potentially exposing confidential data (NVD).

F5 has released patched versions to address this vulnerability. Users should upgrade to BIG-IP APM version 16.1.2.2, 15.1.5.1, 14.1.4.6, or 13.1.5 based on their current version. For BIG-IP APM Clients, upgrading to version 7.2.1.5 or later is recommended (Vendor Advisory).