PT-2019-18181 · F5 · F5 Big-Ip+1

Published

2019-03-13

Updated

2019-03-18

CVE-2019-6599

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.1 through 11.6.3.2 F5 BIG-IP versions 11.5.1 through 11.5.8 F5 Enterprise Manager version 3.1.1

Description The issue is related to improper escaping of values in an undisclosed page of the configuration utility. This can lead to improper handling of the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.

Recommendations For F5 BIG-IP versions 11.6.1 through 11.6.3.2, update to a version that includes the fix for this issue. For F5 BIG-IP versions 11.5.1 through 11.5.8, update to a version that includes the fix for this issue. For F5 Enterprise Manager version 3.1.1, update to a version that includes the fix for this issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-6599

Affected Products

F5 Big-Ip

F5 Enterprise Manager

PT-2019-18181 · F5 · F5 Big-Ip+1

CVE-2019-6599

Weakness Enumeration

Related Identifiers

Affected Products

References · 4