K23734425 : BIG-IP Configuration utility vulnerability CVE-2019-6600

2019-03-1100:00:00

my.f5.com

0.001 Low

EPSS

Percentile

43.9%

JSON

Security Advisory Description

When remote authentication is enabled for administrative users and all external users are granted the “guest” role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. (CVE-2019-6600)

Impact

BIG-IP

This vulnerability may lead to a cross-site scripting (XSS) attack against an unauthenticated client via the login Username field.

BIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix SDC

There is no impact for these F5 products; they are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.1

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.1

Rows per page:

1-10 of 2251

0.001 Low

EPSS

Percentile

43.9%

JSON

Related for F5:K23734425