var-201410-0909
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. plural F5 BIG-IP Product Configuration Utility tmui/dashboard/echo.jsp Contains a cross-site scripting vulnerability.By any third party Web Script or HTML May be inserted. Multiple F5 BIG-IP Products are prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. 0 to 11.4.1 and 10.1.0 to 10.2.4, Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0909",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "2.2.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "2.1.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "3.1.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "2.3.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "3.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.3"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.3.0 to 11.5.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.4.0 to 11.5.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.3.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.5.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.3.0 to 11.5.1"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip protocol security module",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.4.1"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip wan optimization manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.3.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "10.1.0 to 10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.0.0 to 11.3.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "2.1.0 to 2.3.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "3.0.0 to 3.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_analytics",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_application_acceleration_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_application_security_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_edge_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_global_traffic_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_link_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_local_traffic_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_policy_enforcement_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_protocol_security_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_wan_optimization_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f5:big-ip_webaccelerator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:f5:enterprise_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb??ck",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
}
],
"trust": 0.6
},
"cve": "CVE-2014-4023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-4023",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-71963",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4023",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-497",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71963",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. plural F5 BIG-IP Product Configuration Utility tmui/dashboard/echo.jsp Contains a cross-site scripting vulnerability.By any third party Web Script or HTML May be inserted. Multiple F5 BIG-IP Products are prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. 0 to 11.4.1 and 10.1.0 to 10.2.4, Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4023"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "BID",
"id": "69449"
},
{
"db": "VULHUB",
"id": "VHN-71963"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71963",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4023",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1030776",
"trust": 1.1
},
{
"db": "BID",
"id": "69449",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "128034",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71963",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
},
{
"db": "BID",
"id": "69449"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"id": "VAR-201410-0909",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:14:08.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sol15532: XSS vulnerability in echo.jsp CVE-2014-4023",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html"
},
{
"title": "BIGIP-11.5.2.0.0.141",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55445"
},
{
"title": "Hotfix-BIGIP-11.5.1.6.0.159-HF6",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55444"
},
{
"title": "BIGIP-11.6.0.0.0.401",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55446"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html"
},
{
"trust": 1.1,
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-f5_big-ip_reflected_xss_v10.txt"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030776"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4023"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4023"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69449"
},
{
"trust": 0.3,
"url": "http://www.f5.com/products/big-ip/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71963"
},
{
"db": "BID",
"id": "69449"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71963"
},
{
"db": "BID",
"id": "69449"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-71963"
},
{
"date": "2014-08-28T00:00:00",
"db": "BID",
"id": "69449"
},
{
"date": "2014-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"date": "2014-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"date": "2014-10-28T14:55:05.987000",
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-71963"
},
{
"date": "2014-08-28T00:00:00",
"db": "BID",
"id": "69449"
},
{
"date": "2014-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005112"
},
{
"date": "2014-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-497"
},
{
"date": "2015-08-28T15:49:41.780000",
"db": "NVD",
"id": "CVE-2014-4023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural F5 BIG-IP Product Configuration Utility tmui/dashboard/echo.jsp Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-497"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.