CVE-2019-6589
Published Feb 14, 2019
Last updated 6 years ago
Overview
- Description
- On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
- Source
- f5sirt@f5.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9094D4-087E-45D8-AD7B-A2FA1BF1E2F8", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5D0E6B-7DB1-48F3-A1AE-2AC7B5EF778B", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E08A936-5CB0-44D3-89B8-F768CD8AD264", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A526B1-EB66-497F-B8B5-45205781B323", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40C7F0AE-F55C-42D9-A6EF-1A0D53FFD4DE", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDDA13E3-2F05-447F-9F03-63A1BFEC904B", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A1FB10-2614-4A8B-B31C-69E90EBB6EBB", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51218200-4536-4ED9-AA9A-301E2B30B829", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41D7E35D-EAC4-4D00-BB52-19414EEDD286", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBC6246F-635B-45F4-ACF1-CBEF25FEB2DF", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F0F227-3865-442E-8FC5-282DEA1FC528", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9032E773-CAB2-4108-A86B-04A8383663BE", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39C62474-8F2E-4394-8B9E-FB06F8CE95C4", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "007DDA3E-BAE5-4EC7-BECA-AB87CFEA1E87", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A16FC6-73F3-4D95-99A2-CAD5C3F7BD71", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "224F2348-19DC-4242-8A1E-5F5BDCB86B9C", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F51999-6742-445C-936B-C2873C5F27CB", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B57535-53C6-44FC-815D-531F3FB4797E", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A33F717-7779-4998-B7D0-FEAD57F918EC", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E021297A-FD19-446B-B526-7516503B6D24", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1090BF7A-7FF9-40F2-BBA4-8540372195D6", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768D6729-24D0-47C5-A905-9AF1E5ACBE85", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52ABEB1F-5C4E-4CEE-8852-4D664BC320E6", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4D3A77A-89E0-44DF-AA5B-EDEBCBB63060", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB32AD06-69AF-4289-B854-ED9141E76582", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A694488-6397-4FBD-AC96-A05E83708E8B", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F456E57C-9669-41CF-A1F7-C068FB7EC89F", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D11EBE7-741F-4585-962F-99EAA29C1F0E", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D63E2912-58B9-4541-8E5D-993F73AB74F1", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056366BD-1F72-4DAF-8C0A-7B5C15054C8D", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87AF9718-1B10-475C-B596-64A553C8502C", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F6C963-A1BF-4579-9345-D0207269577A", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21FA11D-0C58-4DF7-85E0-5E8E7B1F14A8", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "579E04C5-EDD5-457A-ADEE-9E3B7E2F17A4", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F21417-F817-462C-8CD8-E64623D45B9B", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6B989A-BA55-47F5-8269-D9FA435ECC29", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E368FA-5A85-428E-B63D-FD027CD46E8E", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECA81A2E-33BE-45A5-8148-1DF189FC9879", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D09A0C39-32DF-4607-8712-8937CC6AF60A", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F534EADF-DA49-4EDD-97F8-C4046E890D8B", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34EC5593-4293-4D2A-A110-25D371F3E281", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63DBD5C1-EF87-43F5-A319-304D6C1849D2", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E6014A-CA29-408A-A7B2-13FBFD0694A8", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6217D65D-B15B-426B-8692-BA461BB57663", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF9BF9FD-3FFE-4185-A089-89100C0A446C", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A324A2-741F-497E-AA95-6A737FE9633E", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90DBE74F-6E43-448F-9479-8FD75D5DCC22", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91F78D2C-DC7C-4B1C-AB44-3CB810240D42", "versionEndIncluding": "11.6.3.2", "versionStartIncluding": "11.6.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DAD4844-D200-4615-8D75-BB2946A0E4F5", "versionEndIncluding": "12.1.3.7", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C81CBDB8-86A5-4A48-A7E1-F9B5239B6EAC", "versionEndIncluding": "13.1.1.3", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6ADE585-616C-4B40-A40C-EE97A8FAC653", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] } ]