CVE-2019-6626

Published Jul 3, 2019

Last updated 6 years ago

CVSS medium 6.1

Overview

Description: On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "195704A8-4911-4A61-8369-711D403052F1",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A60AA834-6C1E-4203-91DA-A2C8478A184F",
            "versionEndExcluding": "12.1.4.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F602F8C-9548-47C4-A15E-FE52FDC37BFA",
            "versionEndExcluding": "13.1.1.5",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1334426-195B-4AAF-9246-CDEA7C7AA5AA",
            "versionEndExcluding": "14.0.0.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F17BEFE-DE6D-4DE1-A209-EEDA683A2594",
            "versionEndExcluding": "14.1.0.6",
            "versionStartIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDE5A2D0-C268-4D2D-A001-AEC17E92B1DA",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "428FCCE2-10D7-42B2-AF25-8109BAB2A6E1",
            "versionEndExcluding": "12.1.4.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19CF4C32-368F-42B3-B1EE-C59CC12EF745",
            "versionEndExcluding": "13.1.1.5",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AAFFDA9-0202-4298-99A1-AD1651752636",
            "versionEndExcluding": "14.0.0.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE2E1785-E6F2-4ED9-9FE7-28CF56A916FA",
            "versionEndExcluding": "14.1.0.6",
            "versionStartIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6EC3436-7FAE-4311-8103-7ADBAF40E1C1",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B50AFE19-77F8-4BCC-B287-E967497DF44A",
            "versionEndExcluding": "12.1.4.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1",
            "versionEndExcluding": "13.1.1.5",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A313A6FD-0436-44B7-A4E9-F96FDE8224C9",
            "versionEndExcluding": "14.0.0.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E65DCA8-A17D-4E31-B8FC-6180C3CC9807",
            "versionEndExcluding": "14.1.0.6",
            "versionStartIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References