PT-2014-5635 · F5 · Gtm+12

Published: 2014-06-03 · Updated: 2016-10-19 · CVE-2014-3959

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller versions 11.2.1 through 11.5.1
F5 AAM versions 11.4.0 through 11.5.1
F5 PEM versions 11.3.0 through 11.5.1
F5 PSM versions 11.2.1 through 11.4.1
F5 WebAccelerator and WOM versions 11.2.1 through 11.3.0
F5 Enterprise Manager versions 3.0.0 through 3.1.1

Description

A cross-site scripting (XSS) issue exists in the list.jsp file of the Configuration utility, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Recommendations

For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller versions 11.2.1 through 11.5.1, update to a version outside of this range to resolve the issue.
For F5 AAM versions 11.4.0 through 11.5.1, update to a version outside of this range to resolve the issue.
For F5 PEM versions 11.3.0 through 11.5.1, update to a version outside of this range to resolve the issue.
For F5 PSM versions 11.2.1 through 11.4.1, update to a version outside of this range to resolve the issue.
For F5 WebAccelerator and WOM versions 11.2.1 through 11.3.0, update to a version outside of this range to resolve the issue.
For F5 Enterprise Manager versions 3.0.0 through 3.1.1, update to a version outside of this range to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2014-3959

Affected Products

Aam
Afm
Apm
Asm
Analytics
Big-Ip Ltm
Enterprise Manager
Gtm
Link Controller
Pem
Psm
Wom
Webaccelerator