CVE-2019-6589

Published Feb 14, 2019
Last updated 6 years ago
CVSS medium 6.1
Overview

Description: On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
Source: f5sirt@f5.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F9094D4-087E-45D8-AD7B-A2FA1BF1E2F8",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5D0E6B-7DB1-48F3-A1AE-2AC7B5EF778B",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E08A936-5CB0-44D3-89B8-F768CD8AD264",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3A526B1-EB66-497F-B8B5-45205781B323",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40C7F0AE-F55C-42D9-A6EF-1A0D53FFD4DE",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDDA13E3-2F05-447F-9F03-63A1BFEC904B",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A1FB10-2614-4A8B-B31C-69E90EBB6EBB",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51218200-4536-4ED9-AA9A-301E2B30B829",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41D7E35D-EAC4-4D00-BB52-19414EEDD286",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC6246F-635B-45F4-ACF1-CBEF25FEB2DF",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89F0F227-3865-442E-8FC5-282DEA1FC528",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9032E773-CAB2-4108-A86B-04A8383663BE",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39C62474-8F2E-4394-8B9E-FB06F8CE95C4",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "007DDA3E-BAE5-4EC7-BECA-AB87CFEA1E87",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1A16FC6-73F3-4D95-99A2-CAD5C3F7BD71",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "224F2348-19DC-4242-8A1E-5F5BDCB86B9C",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76F51999-6742-445C-936B-C2873C5F27CB",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64B57535-53C6-44FC-815D-531F3FB4797E",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A33F717-7779-4998-B7D0-FEAD57F918EC",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E021297A-FD19-446B-B526-7516503B6D24",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1090BF7A-7FF9-40F2-BBA4-8540372195D6",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "768D6729-24D0-47C5-A905-9AF1E5ACBE85",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52ABEB1F-5C4E-4CEE-8852-4D664BC320E6",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4D3A77A-89E0-44DF-AA5B-EDEBCBB63060",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB32AD06-69AF-4289-B854-ED9141E76582",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A694488-6397-4FBD-AC96-A05E83708E8B",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F456E57C-9669-41CF-A1F7-C068FB7EC89F",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D11EBE7-741F-4585-962F-99EAA29C1F0E",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D63E2912-58B9-4541-8E5D-993F73AB74F1",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "056366BD-1F72-4DAF-8C0A-7B5C15054C8D",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87AF9718-1B10-475C-B596-64A553C8502C",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F6C963-A1BF-4579-9345-D0207269577A",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C21FA11D-0C58-4DF7-85E0-5E8E7B1F14A8",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579E04C5-EDD5-457A-ADEE-9E3B7E2F17A4",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7F21417-F817-462C-8CD8-E64623D45B9B",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC6B989A-BA55-47F5-8269-D9FA435ECC29",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42E368FA-5A85-428E-B63D-FD027CD46E8E",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECA81A2E-33BE-45A5-8148-1DF189FC9879",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D09A0C39-32DF-4607-8712-8937CC6AF60A",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F534EADF-DA49-4EDD-97F8-C4046E890D8B",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34EC5593-4293-4D2A-A110-25D371F3E281",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63DBD5C1-EF87-43F5-A319-304D6C1849D2",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29E6014A-CA29-408A-A7B2-13FBFD0694A8",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6217D65D-B15B-426B-8692-BA461BB57663",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF9BF9FD-3FFE-4185-A089-89100C0A446C",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95A324A2-741F-497E-AA95-6A737FE9633E",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90DBE74F-6E43-448F-9479-8FD75D5DCC22",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91F78D2C-DC7C-4B1C-AB44-3CB810240D42",
            "versionEndIncluding": "11.6.3.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAD4844-D200-4615-8D75-BB2946A0E4F5",
            "versionEndIncluding": "12.1.3.7",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C81CBDB8-86A5-4A48-A7E1-F9B5239B6EAC",
            "versionEndIncluding": "13.1.1.3",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6ADE585-616C-4B40-A40C-EE97A8FAC653",
            "versionEndIncluding": "14.0.0.2",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
