CVE-2019-6600
Published Mar 13, 2019
Last updated 2 years ago
Overview
- Description
- In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.
- Source
- f5sirt@f5.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBAB68BD-C800-46A8-8FC7-87AAE84EE4C4",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CB51FB1-FC08-4F55-BC17-24CB1C0FE2B2",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB5D0E6B-7DB1-48F3-A1AE-2AC7B5EF778B",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E08A936-5CB0-44D3-89B8-F768CD8AD264",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3A526B1-EB66-497F-B8B5-45205781B323",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8B08497-08EC-4841-A3CE-CD8ABFEF5776",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A0277EE-A98B-4CB2-8AAC-360214A9647D",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDDA13E3-2F05-447F-9F03-63A1BFEC904B",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26A1FB10-2614-4A8B-B31C-69E90EBB6EBB",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51218200-4536-4ED9-AA9A-301E2B30B829",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CBAF023-ECDC-46AA-877C-FEC138154BF9",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AB72DFA-FBCE-461B-A73E-EF654BFF8EBF",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBC6246F-635B-45F4-ACF1-CBEF25FEB2DF",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89F0F227-3865-442E-8FC5-282DEA1FC528",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9032E773-CAB2-4108-A86B-04A8383663BE",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEF3D694-93F5-4929-A9C0-BC2D7E9C3252",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "271B1C02-7F5E-433A-A388-F295E252101C",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "007DDA3E-BAE5-4EC7-BECA-AB87CFEA1E87",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1A16FC6-73F3-4D95-99A2-CAD5C3F7BD71",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "224F2348-19DC-4242-8A1E-5F5BDCB86B9C",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5917BC9C-20D5-46B1-8CAE-FF13944A6826",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C89E928-8C7D-4E7B-A86B-E53ABB2113CC",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64B57535-53C6-44FC-815D-531F3FB4797E",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A33F717-7779-4998-B7D0-FEAD57F918EC",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E021297A-FD19-446B-B526-7516503B6D24",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E1A42AA-059E-48D2-8564-6886CB48C41A",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55256144-CC09-425D-824D-AE268E7969C4",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "768D6729-24D0-47C5-A905-9AF1E5ACBE85",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52ABEB1F-5C4E-4CEE-8852-4D664BC320E6",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4D3A77A-89E0-44DF-AA5B-EDEBCBB63060",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46F0DF62-28F9-484D-92C3-737E1A709AE8",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15A7FAEE-A94E-4C34-BBA9-60C710022BC2",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A694488-6397-4FBD-AC96-A05E83708E8B",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F456E57C-9669-41CF-A1F7-C068FB7EC89F",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D11EBE7-741F-4585-962F-99EAA29C1F0E",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7325E534-6B65-49B8-988A-DE697261FF8E",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35540BC2-584A-468A-8864-017347167ABE",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "056366BD-1F72-4DAF-8C0A-7B5C15054C8D",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87AF9718-1B10-475C-B596-64A553C8502C",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57F6C963-A1BF-4579-9345-D0207269577A",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC16DB86-DCA7-4E8F-A14E-19CD56860700",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D53C119-D224-4605-AD47-151061C6D9F5",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "579E04C5-EDD5-457A-ADEE-9E3B7E2F17A4",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7F21417-F817-462C-8CD8-E64623D45B9B",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC6B989A-BA55-47F5-8269-D9FA435ECC29",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ED5BCF6-E0BB-4EC9-B5E2-C4AF013BB074",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09234B7C-F2DB-4C52-B4A0-1698D5C975F2",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECA81A2E-33BE-45A5-8148-1DF189FC9879",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D09A0C39-32DF-4607-8712-8937CC6AF60A",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F534EADF-DA49-4EDD-97F8-C4046E890D8B",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18635B65-806D-4F10-A853-87F870E981F7",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81B3B2B4-B141-4413-BE6A-CB65188B20BB",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63DBD5C1-EF87-43F5-A319-304D6C1849D2",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29E6014A-CA29-408A-A7B2-13FBFD0694A8",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "858B5DF1-A47F-467D-958D-77F5041BDB0A",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85DE1EA4-FD2C-4E73-B877-089AAC91DA40",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF9BF9FD-3FFE-4185-A089-89100C0A446C",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95A324A2-741F-497E-AA95-6A737FE9633E",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90DBE74F-6E43-448F-9479-8FD75D5DCC22",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E52F2B50-314C-4F02-AF3B-EAF8109A5B04",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C60BEEB-E995-4BFB-8BEE-89EB2BCAE52F",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5DAD4844-D200-4615-8D75-BB2946A0E4F5",
"versionEndIncluding": "12.1.3.7",
"versionStartIncluding": "12.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C81CBDB8-86A5-4A48-A7E1-F9B5239B6EAC",
"versionEndIncluding": "13.1.1.3",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6ADE585-616C-4B40-A40C-EE97A8FAC653",
"versionEndIncluding": "14.0.0.2",
"versionStartIncluding": "14.0.0"
}
],
"operator": "OR"
}
]
}
]