PT-2024-32431 · F5 · Big-Iq
Published
2024-10-16
·
Updated
2025-08-06
·
CVE-2024-47139
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IQ versions prior to 8.2.0.1
BIG-IQ versions prior to 8.3.0
Description
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility. This issue allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user, potentially allowing them to inject malicious code and take control of user accounts.
Recommendations
For versions prior to 8.2.0.1, update to version 8.2.0.1 or later.
For versions prior to 8.3.0, update to version 8.3.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Iq