Apr 13, 2008 - 12:00 a.m.

SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface

2008-04-13 00:00:00
support.f5.com

EPSS: 0.023 Low

Percentile: 89.7%

To prevent exposure to this vulnerability, do not select any unknown or suspicious content when viewing log files in the BIG-IP or Enterprise Manager web management interface. To view log files from the command line instead, access the device using an SSH client.

Note: Because exploitation of this vulnerability requires an authenticated user, F5 considers this to be a local vulnerability.

F5 Product Development tracked this issue as CR96889, and it was fixed in BIG-IP 10.0.0 and Enterprise Manager 1.8.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator or Enterprise Manager release notes.

For additional information about this advisory, refer to the following articles:

<http://www.securityfocus.com/archive/1/489991>

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7032>
