CVE-2019-6591

Published: Feb 5, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.

Affected (3)

Products: F5: Big Ip Access Policy Manager

1 product

Big Ip Access Policy Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.3
F5 Big Ip Access Policy Manager	From 13.0.0 to 13.1.1.3
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.0.0.4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.f5.com/csp/article/K32840424

Source: f5sirt@f5.com

MitigationVendor Advisory

https://support.f5.com/csp/article/K32840424

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.