Lucene search
F5CVELIST:CVE-2021-22994HistoryMar 31, 2021 - 5:25 p.m.
CVE-2021-22994
2021-03-3117:25:07
f5
www.cve.org
7
big-ip
reflected xss
icontrol rest
admin role
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CNA Affected
[
{
"product": "BIG-IP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3"
}
]
}
]References
Related
prion
prion
Cross site scripting
2021-03-31 18:15:00
Cross site scripting
2020-12-11 19:15:00
nvd
nvd
CVE-2021-22994
2021-03-31 18:15:14
CVE-2020-5948
2020-12-11 19:15:13
cve
cve
CVE-2021-22994
2021-03-31 18:15:14
CVE-2020-5948
2020-12-11 19:15:13
nessus
nessus
F5 Networks BIG-IP : F5 TMUI XSS vulnerability (K66851119)
2021-03-10 00:00:00
F5 Networks BIG-IP : F5 TMUI XSS vulnerability (K42696541)
2020-12-11 00:00:00
f5
f5
K66851119 : F5 TMUI XSS vulnerability CVE-2021-22994
2021-03-10 00:00:00
K42696541 : F5 TMUI XSS vulnerability CVE-2020-5948
2020-12-11 00:00:00
K02566623 : Overview of F5 vulnerabilities (March 2021)
2021-03-10 00:00:00
cvelist
cvelist
CVE-2020-5948
2020-12-11 18:56:29
attackerkb
attackerkb
CVE-2020-5948 — F5 TMUI XSS vulnerability
2020-12-11 00:00:00
rapid7blog
rapid7blog