PT-2014-8945 · F5 · Application Security Manager
Published: 2014-12-08 · Updated: 2021-05-03 · CVE-2014-9342
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP version 11.3.0
Description
A cross-site scripting (XSS) issue exists in the tree view feature of Application Security Manager (ASM) due to insufficient validation of user input. This allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.
Recommendations
For F5 BIG-IP version 11.3.0, consider restricting access to the tree view feature in ASM until a fix is available. As a temporary workaround, avoid following crafted URLs that could trigger automatic policy generation with malicious input.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Application Security Manager
F5 BIG-IP