Cross-Site Scripting Vulnerability in BIG-IP AFM by F5 Networks
CVE-2021-22983

5.4 MEDIUM

Key Information:

Vendor: F5
CVE Published: 12 February 2021

Summary

On specific versions of the BIG-IP Application Security Manager, authenticated users can fall prey to a cross-site scripting attack through maliciously-crafted URLs when accessing the Configuration utility. This vulnerability exposes sensitive data and could allow attackers to manipulate user sessions or gain unauthorized information. Note that affected software versions that have reached End of Software Development are not considered in the evaluation.

Affected Version(s)

BIG-IP AFM 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
