CVE-2019-6600

2019-03-13T22:29:00
ID CVE-2019-6600
Type cve
Reporter cve@mitre.org
Modified 2019-03-21T16:01:00

Description

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.