In some situations, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. (CVE-2018-15326).
Impact
Users with revoked certificates may be able to gain access to the system.