F5 BIG-IP APM
Easy fix4 remedies
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*, +1 more
Easy fix4 remedies
- 21.0.0
- 17.5.0
- 17.5.1
- 17.1.0
- 17.1.1
- 17.1.2
- 17.1.3
- 16.1.0
- 16.1.1
- 16.1.2
- 16.1.3
- 16.1.4
- 16.1.5
- 16.1.6
F5 BIG-IP APM Denial-of-Service Vulnerability
Vulnerability
Patched
A denial-of-service vulnerability has been identified in F5 BIG-IP APM versions 21.0.0, 17.5.0 through 17.5.1, and 17.1.0 through 17.1.3. When an APM access policy is active on a virtual server, certain undisclosed traffic can lead to the termination of the 'apmd' process. This disruption causes a temporary outage as the process restarts, allowing for an unauthenticated attacker to exploit this issue and cause a DoS condition on the BIG-IP APM system.
Impact
Exploitation of this vulnerability disrupts traffic by causing the 'apmd' process to terminate and restart, leading to a temporary denial-of-service condition on the BIG-IP APM system.
Remediation
Users can upgrade to BIG-IP APM versions 21.0.0.1, 17.5.1.4, or 17.1.3.1 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
Added: May 13, 2026, 6:18 PM
Updated: May 13, 2026, 6:18 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
2.5exploitability
7.6remediation
7.9relevance
8.2threat
0.0urgency
2.9incentive
4.2Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.