[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-7469

Date: (C)2017-06-13   (M)2017-12-07 


A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.

CVSS Score: 3.5Access Vector: NETWORK
Exploit Score: 6.8Access Complexity: MEDIUM
Impact Score: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECTRACK-1037559
SECTRACK-1037560
BID-95320
https://support.f5.com/csp/article/K97285349

CPE    105
cpe:/a:f5:big-ip_analytics:11.2.1
cpe:/a:f5:big-ip_access_policy_manager:11.4.0
cpe:/a:f5:big-ip_access_policy_manager:11.4.1
cpe:/a:f5:big-ip_wan_optimization_manager:11.2.1
...
CWE    1
CWE-79

© 2013 SecPod Technologies