PT-2021-15312 · F5 · Big-Ip
Published
2021-02-12
·
Updated
2021-02-19
·
CVE-2021-22979
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 12.1.x
BIG-IP versions 13.1.x before 13.1.3.5
BIG-IP versions 14.1.x before 14.1.2.8
BIG-IP versions 15.1.x before 15.1.1
BIG-IP versions 16.0.x before 16.0.1
Description
A reflected Cross-Site Scripting (XSS) issue exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned. This allows an attacker to execute JavaScript in the context of the current logged-in user.
Recommendations
For BIG-IP version 12.1.x, update to a version after 12.1.x.
For BIG-IP version 13.1.x before 13.1.3.5, update to version 13.1.3.5 or later.
For BIG-IP version 14.1.x before 14.1.2.8, update to version 14.1.2.8 or later.
For BIG-IP version 15.1.x before 15.1.1, update to version 15.1.1 or later.
For BIG-IP version 16.0.x before 16.0.1, update to version 16.0.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip