CVE-2019-6636
Published Jul 3, 2019
Last updated 4 years ago
Overview
- Description
- On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.
- Source
- f5sirt@f5.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.4
- Impact score
- 6
- Exploitability score
- 1.7
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-352
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D527234-B78F-4D27-94B9-D9B69F44B47B",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F602F8C-9548-47C4-A15E-FE52FDC37BFA",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1334426-195B-4AAF-9246-CDEA7C7AA5AA",
"versionEndExcluding": "14.0.0.5",
"versionStartIncluding": "14.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F17BEFE-DE6D-4DE1-A209-EEDA683A2594",
"versionEndExcluding": "14.1.0.6",
"versionStartIncluding": "14.1.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB7FE34-A859-4E99-AC3C-AA83BDEF96EB",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A313A6FD-0436-44B7-A4E9-F96FDE8224C9",
"versionEndExcluding": "14.0.0.5",
"versionStartIncluding": "14.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E65DCA8-A17D-4E31-B8FC-6180C3CC9807",
"versionEndExcluding": "14.1.0.6",
"versionStartIncluding": "14.1.0"
}
],
"operator": "OR"
}
]
}
]