Lucene search

K
cvelistF5CVELIST:CVE-2022-23008
HistoryJan 25, 2022 - 7:11 p.m.

CVE-2022-23008

2022-01-2519:11:19
CWE-94
f5
www.cve.org

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the β€œuser” or β€œadmin” role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "product": "NGINX Controller API Management",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.18.0-3.19.0"
      }
    ]
  }
]

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

Related for CVELIST:CVE-2022-23008