CVE-2022-27230

Published: May 5, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (19)

Products: F5: Big Ip Access Policy Manager, Big Ip Guided Configuration

2 products

Big Ip Access Policy Manager

Big Ip Guided Configuration

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	Version 13.1.0
F5 Big Ip Access Policy Manager	Version 13.1.1
F5 Big Ip Access Policy Manager	Version 13.1.3
F5 Big Ip Access Policy Manager	Version 13.1.4
F5 Big Ip Access Policy Manager	Version 13.1.5
F5 Big Ip Access Policy Manager	Version 14.1.0
F5 Big Ip Access Policy Manager	Version 14.1.2
F5 Big Ip Access Policy Manager	Version 14.1.3
F5 Big Ip Access Policy Manager	Version 14.1.4
F5 Big Ip Access Policy Manager	Version 15.1.0
F5 Big Ip Access Policy Manager	Version 15.1.1
F5 Big Ip Access Policy Manager	Version 15.1.2
F5 Big Ip Access Policy Manager	Version 15.1.3
F5 Big Ip Access Policy Manager	Version 15.1.4
F5 Big Ip Access Policy Manager	Version 15.1.5
F5 Big Ip Access Policy Manager	Version 16.1.0
F5 Big Ip Access Policy Manager	Version 16.1.1
F5 Big Ip Access Policy Manager	Version 16.1.2
F5 Big Ip Guided Configuration	Before 9.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.f5.com/csp/article/K21317311

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K21317311

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.