PT-2019-18181 · F5 · F5 Big-Ip+1
Publicado
2019-03-13
·
Atualizado
2019-03-18
·
CVE-2019-6599
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.6.1 through 11.6.3.2
F5 BIG-IP versions 11.5.1 through 11.5.8
F5 Enterprise Manager version 3.1.1
Description
The issue is related to improper escaping of values in an undisclosed page of the configuration utility. This can lead to improper handling of the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.
Recommendations
For F5 BIG-IP versions 11.6.1 through 11.6.3.2, update to a version that includes the fix for this issue.
For F5 BIG-IP versions 11.5.1 through 11.5.8, update to a version that includes the fix for this issue.
For F5 Enterprise Manager version 3.1.1, update to a version that includes the fix for this issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
F5 Big-Ip
F5 Enterprise Manager