BIG-IP TMUI XSS vulnerability
CVE-2023-27378

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 3 May 2023

What is CVE-2023-27378?

Multiple reflected cross-site scripting vulnerabilities are present in the F5 BIG-IP Configuration utility. These flaws allow attackers to execute arbitrary JavaScript in the browser context of authenticated users. This exposure can lead to unauthorized actions and data breaches, highlighting the importance of maintaining robust security measures and applying any necessary patches promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP 17.1.0 < 17.1.0.1

BIG-IP 17.0.0

BIG-IP 16.1.0 < 16.1.3.4

References

https://my.f5.com/manage/s/article/K000132726

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2023
Vulnerability Reserved
Apr 14, 2023

Credit

F5 acknowledges Yuya Chudo of Secureworks Japan K. K. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

JSON

F5

What is CVE-2023-27378?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.