On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility.
2019-07-03T18:15:10.630
2024-11-21T04:46:50.110
Modified
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | big-ip_advanced_firewall_manager | ≤ 11.6.3 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 12.1.4.1 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 13.1.1.5 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 14.0.0.5 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 14.1.0.6 | Yes |
| Application | f5 | big-ip_analytics | ≤ 11.6.3 | Yes |
| Application | f5 | big-ip_analytics | < 12.1.4.1 | Yes |
| Application | f5 | big-ip_analytics | < 13.1.1.5 | Yes |
| Application | f5 | big-ip_analytics | < 14.0.0.5 | Yes |
| Application | f5 | big-ip_analytics | < 14.1.0.6 | Yes |
| Application | f5 | big-ip_application_security_manager | ≤ 11.6.3 | Yes |
| Application | f5 | big-ip_application_security_manager | < 12.1.4.1 | Yes |
| Application | f5 | big-ip_application_security_manager | < 13.1.1.5 | Yes |
| Application | f5 | big-ip_application_security_manager | < 14.0.0.5 | Yes |
| Application | f5 | big-ip_application_security_manager | < 14.1.0.6 | Yes |