BIG-IP TMUI XSS vulnerability
CVE-2023-27378
6.1MEDIUM
Summary
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Version(s)
BIG-IP < 17.1.0.1
BIG-IP < 17.0.0
BIG-IP < 16.1.3.4
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
F5 acknowledges Yuya Chudo of Secureworks Japan K. K. for bringing this issue to our attention and following the highest standards of coordinated disclosure.