CVE-2021-22983

Published: Feb 12, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Affected (3)

Products: F5: Big Ip Advanced Firewall Manager

1 product

Big Ip Advanced Firewall Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	From 13.1.0 to 13.1.3.5
F5 Big Ip Advanced Firewall Manager	From 14.1.0 to 14.1.3.1
F5 Big Ip Advanced Firewall Manager	From 15.1.0 to 15.1.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.f5.com/csp/article/K76518456

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K76518456

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.