Reflected Cross-Site Scripting Vulnerability in BIG-IQ by F5 Networks
CVE-2021-23006

6.1MEDIUM

Key Information:

Vendor: F5
Status: Big-iq
Vendor: CVE Published:; 31 March 2021

Summary

The BIG-IQ product by F5 Networks has a reflected cross-site scripting vulnerability affecting versions 7.x and 6.x. This vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information or executing unauthorized actions. It is important to upgrade to version 8.0.0 or later to mitigate risks associated with this vulnerability.

Affected Version(s)

BIG-IQ All 7.x and 6.x versions

References

https://support.f5.com/csp/article/K30585021

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 31, 2021
Vulnerability Reserved
Jan 6, 2021