VIR Vulnerability Intelligence Relay

CVE-2015-8098

critical
Published 2016-01-12 · Modified 2026-05-06
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
10.0
VIR risk
9.8

Description

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://support.f5.com/kb/en-us/solutions/public/k/43/sol43552605.html

Application impact
VendorProductVersionsFixed
f5big-ip_access_policy_manager11.2.0
f5big-ip_access_policy_manager11.2.1
f5big-ip_access_policy_manager11.3.0
f5big-ip_access_policy_manager11.4.0
f5big-ip_access_policy_manager11.5.0
f5big-ip_access_policy_manager11.5.1
f5big-ip_access_policy_manager11.6.0

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.