CVE-2018-15312

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 12.1.0 through 12.1.3.6 F5 BIG-IP versions 13.0.0 through 13.1.1.1

Description A reflected Cross-Site Scripting (XSS) issue exists in an undisclosed page of the BIG-IP Configuration utility, allowing an authenticated user to execute JavaScript for the currently logged-in user.

Recommendations For F5 BIG-IP versions 12.1.0 through 12.1.3.6, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 13.0.0 through 13.1.1.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the BIG-IP Configuration utility to minimize the risk of exploitation.