Cross-Site Scripting Vulnerability in F5 BIG-IP Products
CVE-2014-4023

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Advanced Firewall Manager
Vendor: CVE Published:; 28 October 2014

Summary

This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the F5 BIG-IP Configuration utility, potentially compromising the application's integrity and exposing sensitive information. The impacted versions span across multiple BIG-IP modules, creating a wide attack surface. Organizations using these products should ensure they have applied the recommended security patches to mitigate this risk.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

https://support.f5.com/kb/en-us/solutions/public/15000/50...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030776

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 28, 2014
Vulnerability Reserved
Jun 11, 2014