Stored Cross-Site Scripting Vulnerability in BIG-IP by F5 Networks
CVE-2019-6639

4.8MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (afm, Pem)
Vendor: CVE Published:; 3 July 2019

Summary

A stored cross-site scripting (XSS) vulnerability exists in the TMUI pages for AFM and PEM Subscriber management in BIG-IP deployments. This issue affects multiple versions, allowing a malicious administrator to inject harmful scripts that may be executed by other users. However, the vulnerability is limited to the control plane and cannot be exploited through the data plane.

Affected Version(s)

BIG-IP (AFM, PEM) BIG-IP (AFM

BIG-IP (AFM, PEM) PEM) 14.1.0-14.1.0.5

BIG-IP (AFM, PEM) 14.0.0-14.0.0.4

References

https://support.f5.com/csp/article/K61002104

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109064

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 3, 2019
Vulnerability Reserved
Jan 22, 2019