Lucene search
HistoryMay 05, 2022 - 5:15 p.m.
CVE-2022-27878
cve
2022
27878
f5
big-ip
xss
vulnerability
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Affected configurations
Node
f5big-ip_access_policy_managerMatch13.1.0
ORf5big-ip_access_policy_managerMatch13.1.1
ORf5big-ip_access_policy_managerMatch13.1.3
ORf5big-ip_access_policy_managerMatch13.1.4
ORf5big-ip_access_policy_managerMatch13.1.5
ORf5big-ip_access_policy_managerMatch14.1.0
ORf5big-ip_access_policy_managerMatch14.1.2
ORf5big-ip_access_policy_managerMatch14.1.3
ORf5big-ip_access_policy_managerMatch14.1.4
ORf5big-ip_access_policy_managerMatch15.1.0
ORf5big-ip_access_policy_managerMatch15.1.1
ORf5big-ip_access_policy_managerMatch15.1.2
ORf5big-ip_access_policy_managerMatch15.1.3
ORf5big-ip_access_policy_managerMatch15.1.4
ORf5big-ip_access_policy_managerMatch15.1.5
ORf5big-ip_access_policy_managerMatch16.1.0
ORf5big-ip_access_policy_managerMatch16.1.1
ORf5big-ip_access_policy_managerMatch16.1.2
ORf5big-ip_advanced_firewall_managerMatch13.1.0
ORf5big-ip_advanced_firewall_managerMatch13.1.1
ORf5big-ip_advanced_firewall_managerMatch13.1.3
ORf5big-ip_advanced_firewall_managerMatch13.1.4
ORf5big-ip_advanced_firewall_managerMatch13.1.5
ORf5big-ip_advanced_firewall_managerMatch14.1.0
ORf5big-ip_advanced_firewall_managerMatch14.1.2
ORf5big-ip_advanced_firewall_managerMatch14.1.3
ORf5big-ip_advanced_firewall_managerMatch14.1.4
ORf5big-ip_advanced_firewall_managerMatch15.1.0
ORf5big-ip_advanced_firewall_managerMatch15.1.1
ORf5big-ip_advanced_firewall_managerMatch15.1.2
ORf5big-ip_advanced_firewall_managerMatch15.1.3
ORf5big-ip_advanced_firewall_managerMatch15.1.4
ORf5big-ip_advanced_firewall_managerMatch15.1.5
ORf5big-ip_advanced_firewall_managerMatch16.1.0
ORf5big-ip_advanced_firewall_managerMatch16.1.1
ORf5big-ip_advanced_firewall_managerMatch16.1.2
ORf5big-ip_analyticsMatch13.1.0
ORf5big-ip_analyticsMatch13.1.1
ORf5big-ip_analyticsMatch13.1.3
ORf5big-ip_analyticsMatch13.1.4
ORf5big-ip_analyticsMatch13.1.5
ORf5big-ip_analyticsMatch14.1.0
ORf5big-ip_analyticsMatch14.1.2
ORf5big-ip_analyticsMatch14.1.3
ORf5big-ip_analyticsMatch14.1.4
ORf5big-ip_analyticsMatch15.1.0
ORf5big-ip_analyticsMatch15.1.1
ORf5big-ip_analyticsMatch15.1.2
ORf5big-ip_analyticsMatch15.1.3
ORf5big-ip_analyticsMatch15.1.4
ORf5big-ip_analyticsMatch15.1.5
ORf5big-ip_analyticsMatch16.1.0
ORf5big-ip_analyticsMatch16.1.1
ORf5big-ip_analyticsMatch16.1.2
ORf5big-ip_application_acceleration_managerMatch13.1.0
ORf5big-ip_application_acceleration_managerMatch13.1.1
ORf5big-ip_application_acceleration_managerMatch13.1.3
ORf5big-ip_application_acceleration_managerMatch13.1.4
ORf5big-ip_application_acceleration_managerMatch13.1.5
ORf5big-ip_application_acceleration_managerMatch14.1.0
ORf5big-ip_application_acceleration_managerMatch14.1.2
ORf5big-ip_application_acceleration_managerMatch14.1.3
ORf5big-ip_application_acceleration_managerMatch14.1.4
ORf5big-ip_application_acceleration_managerMatch15.1.0
ORf5big-ip_application_acceleration_managerMatch15.1.1
ORf5big-ip_application_acceleration_managerMatch15.1.2
ORf5big-ip_application_acceleration_managerMatch15.1.3
ORf5big-ip_application_acceleration_managerMatch15.1.4
ORf5big-ip_application_acceleration_managerMatch15.1.5
ORf5big-ip_application_acceleration_managerMatch16.1.0
ORf5big-ip_application_acceleration_managerMatch16.1.1
ORf5big-ip_application_acceleration_managerMatch16.1.2
ORf5big-ip_application_security_managerMatch13.1.0
ORf5big-ip_application_security_managerMatch13.1.1
ORf5big-ip_application_security_managerMatch13.1.3
ORf5big-ip_application_security_managerMatch13.1.4
ORf5big-ip_application_security_managerMatch13.1.5
ORf5big-ip_application_security_managerMatch14.1.0
ORf5big-ip_application_security_managerMatch14.1.2
ORf5big-ip_application_security_managerMatch14.1.3
ORf5big-ip_application_security_managerMatch14.1.4
ORf5big-ip_application_security_managerMatch15.1.0
ORf5big-ip_application_security_managerMatch15.1.1
ORf5big-ip_application_security_managerMatch15.1.2
ORf5big-ip_application_security_managerMatch15.1.3
ORf5big-ip_application_security_managerMatch15.1.4
ORf5big-ip_application_security_managerMatch15.1.5
ORf5big-ip_application_security_managerMatch16.1.0
ORf5big-ip_application_security_managerMatch16.1.1
ORf5big-ip_application_security_managerMatch16.1.2
ORf5big-ip_domain_name_systemMatch13.1.0
ORf5big-ip_domain_name_systemMatch13.1.1
ORf5big-ip_domain_name_systemMatch13.1.3
ORf5big-ip_domain_name_systemMatch13.1.4
ORf5big-ip_domain_name_systemMatch13.1.5
ORf5big-ip_domain_name_systemMatch14.1.0
ORf5big-ip_domain_name_systemMatch14.1.2
ORf5big-ip_domain_name_systemMatch14.1.3
ORf5big-ip_domain_name_systemMatch14.1.4
ORf5big-ip_domain_name_systemMatch15.1.0
ORf5big-ip_domain_name_systemMatch15.1.1
ORf5big-ip_domain_name_systemMatch15.1.2
ORf5big-ip_domain_name_systemMatch15.1.3
ORf5big-ip_domain_name_systemMatch15.1.4
ORf5big-ip_domain_name_systemMatch15.1.5
ORf5big-ip_domain_name_systemMatch16.1.0
ORf5big-ip_domain_name_systemMatch16.1.1
ORf5big-ip_domain_name_systemMatch16.1.2
ORf5big-ip_fraud_protection_serviceMatch13.1.0
ORf5big-ip_fraud_protection_serviceMatch13.1.1
ORf5big-ip_fraud_protection_serviceMatch13.1.3
ORf5big-ip_fraud_protection_serviceMatch13.1.4
ORf5big-ip_fraud_protection_serviceMatch13.1.5
ORf5big-ip_fraud_protection_serviceMatch14.1.0
ORf5big-ip_fraud_protection_serviceMatch14.1.2
ORf5big-ip_fraud_protection_serviceMatch14.1.3
ORf5big-ip_fraud_protection_serviceMatch14.1.4
ORf5big-ip_fraud_protection_serviceMatch15.1.0
ORf5big-ip_fraud_protection_serviceMatch15.1.1
ORf5big-ip_fraud_protection_serviceMatch15.1.2
ORf5big-ip_fraud_protection_serviceMatch15.1.3
ORf5big-ip_fraud_protection_serviceMatch15.1.4
ORf5big-ip_fraud_protection_serviceMatch15.1.5
ORf5big-ip_fraud_protection_serviceMatch16.1.0
ORf5big-ip_fraud_protection_serviceMatch16.1.1
ORf5big-ip_fraud_protection_serviceMatch16.1.2
ORf5big-ip_global_traffic_managerMatch13.1.0
ORf5big-ip_global_traffic_managerMatch13.1.1
ORf5big-ip_global_traffic_managerMatch13.1.3
ORf5big-ip_global_traffic_managerMatch13.1.4
ORf5big-ip_global_traffic_managerMatch13.1.5
ORf5big-ip_global_traffic_managerMatch14.1.0
ORf5big-ip_global_traffic_managerMatch14.1.2
ORf5big-ip_global_traffic_managerMatch14.1.3
ORf5big-ip_global_traffic_managerMatch14.1.4
ORf5big-ip_global_traffic_managerMatch15.1.0
ORf5big-ip_global_traffic_managerMatch15.1.1
ORf5big-ip_global_traffic_managerMatch15.1.2
ORf5big-ip_global_traffic_managerMatch15.1.3
ORf5big-ip_global_traffic_managerMatch15.1.4
ORf5big-ip_global_traffic_managerMatch15.1.5
ORf5big-ip_global_traffic_managerMatch16.1.0
ORf5big-ip_global_traffic_managerMatch16.1.1
ORf5big-ip_global_traffic_managerMatch16.1.2
ORf5big-ip_link_controllerMatch13.1.0
ORf5big-ip_link_controllerMatch13.1.1
ORf5big-ip_link_controllerMatch13.1.3
ORf5big-ip_link_controllerMatch13.1.4
ORf5big-ip_link_controllerMatch13.1.5
ORf5big-ip_link_controllerMatch14.1.0
ORf5big-ip_link_controllerMatch14.1.2
ORf5big-ip_link_controllerMatch14.1.3
ORf5big-ip_link_controllerMatch14.1.4
ORf5big-ip_link_controllerMatch15.1.0
ORf5big-ip_link_controllerMatch15.1.1
ORf5big-ip_link_controllerMatch15.1.2
ORf5big-ip_link_controllerMatch15.1.3
ORf5big-ip_link_controllerMatch15.1.4
ORf5big-ip_link_controllerMatch15.1.5
ORf5big-ip_link_controllerMatch16.1.0
ORf5big-ip_link_controllerMatch16.1.1
ORf5big-ip_link_controllerMatch16.1.2
ORf5big-ip_local_traffic_managerMatch13.1.0
ORf5big-ip_local_traffic_managerMatch13.1.1
ORf5big-ip_local_traffic_managerMatch13.1.3
ORf5big-ip_local_traffic_managerMatch13.1.4
ORf5big-ip_local_traffic_managerMatch13.1.5
ORf5big-ip_local_traffic_managerMatch14.1.0
ORf5big-ip_local_traffic_managerMatch14.1.2
ORf5big-ip_local_traffic_managerMatch14.1.3
ORf5big-ip_local_traffic_managerMatch14.1.4
ORf5big-ip_local_traffic_managerMatch15.1.0
ORf5big-ip_local_traffic_managerMatch15.1.1
ORf5big-ip_local_traffic_managerMatch15.1.2
ORf5big-ip_local_traffic_managerMatch15.1.3
ORf5big-ip_local_traffic_managerMatch15.1.4
ORf5big-ip_local_traffic_managerMatch15.1.5
ORf5big-ip_local_traffic_managerMatch16.1.0
ORf5big-ip_local_traffic_managerMatch16.1.1
ORf5big-ip_local_traffic_managerMatch16.1.2
ORf5big-ip_policy_enforcement_managerMatch13.1.0
ORf5big-ip_policy_enforcement_managerMatch13.1.1
ORf5big-ip_policy_enforcement_managerMatch13.1.3
ORf5big-ip_policy_enforcement_managerMatch13.1.4
ORf5big-ip_policy_enforcement_managerMatch13.1.5
ORf5big-ip_policy_enforcement_managerMatch14.1.0
ORf5big-ip_policy_enforcement_managerMatch14.1.2
ORf5big-ip_policy_enforcement_managerMatch14.1.3
ORf5big-ip_policy_enforcement_managerMatch14.1.4
ORf5big-ip_policy_enforcement_managerMatch15.1.0
ORf5big-ip_policy_enforcement_managerMatch15.1.1
ORf5big-ip_policy_enforcement_managerMatch15.1.2
ORf5big-ip_policy_enforcement_managerMatch15.1.3
ORf5big-ip_policy_enforcement_managerMatch15.1.4
ORf5big-ip_policy_enforcement_managerMatch15.1.5
ORf5big-ip_policy_enforcement_managerMatch16.1.0
ORf5big-ip_policy_enforcement_managerMatch16.1.1
ORf5big-ip_policy_enforcement_managerMatch16.1.2
Node
f5big-ip_guided_configurationMatch6.0
ORf5big-ip_guided_configurationMatch7.0
ORf5big-ip_guided_configurationMatch8.0
CNA Affected
[
{
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "16.1.x"
},
{
"status": "affected",
"version": "15.1.x"
},
{
"status": "affected",
"version": "14.1.x"
},
{
"status": "affected",
"version": "13.1.x"
},
{
"status": "affected",
"version": "12.1.x"
},
{
"status": "affected",
"version": "11.6.x"
},
{
"lessThan": "17.0.x*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"product": "BIG-IP Guided Configuration (GC)",
"vendor": "F5",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
nessus
nessus
F5 Networks BIG-IP : TMUI XSS vulnerability (K92807525)
2022-05-05 00:00:00
cvelist
cvelist
CVE-2022-27878
2022-05-04 00:00:00
f5
f5
K92807525 : TMUI XSS vulnerability CVE-2022-27878
2022-05-04 00:00:00
K55879220 : Overview of F5 vulnerabilities (May 2022)
2022-05-04 00:00:00
prion
prion
Cross site scripting
2022-05-05 17:15:00
cnvd
cnvd
F5 BIG-IP cross-site scripting vulnerability in multiple products
2022-05-07 00:00:00
nvd
nvd
CVE-2022-27878
2022-05-05 17:15:13
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%
Related for CVE-2022-27878