K46401178 : BIG-IP Configuration utility vulnerability CVE-2019-6599

2019-03-1100:00:00

my.f5.com

0.001 Low

EPSS

Percentile

36.2%

JSON

Security Advisory Description

Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may result in an improper handling on the JSON response when it is injected by a malicious script through a remote cross-site scripting (XSS) attack. (CVE-2019-6599)

Impact

BIG-IP and Enterprise Manager

This vulnerability can be exploited by a malicious script, causing the content of the affected pages to become inaccessible or corrupt for the BIG-IP APM and Enterprise Manager Configuration utilities.

BIG-IQ, F5 iWorkflow, and Traffix SDC

There is no impact for these F5 products; they are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2261

0.001 Low

EPSS

Percentile

36.2%

JSON

Related for F5:K46401178