Lucene search

[email protected]NVD:CVE-2023-27378

HistoryMay 03, 2023 - 3:15 p.m.

CVE-2023-27378

2023-05-0315:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-27378

xss

big-ip configuration

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

18.2%

JSON

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.4

f5big-ip_access_policy_managerRange15.1.0–15.1.8.2

f5big-ip_access_policy_managerRange16.1.0–16.1.3.4

f5big-ip_access_policy_managerRange17.0.0–17.1.0.1

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.4

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.8.2

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.4

f5big-ip_advanced_firewall_managerRange17.0.0–17.1.0.1

f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5

f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5.4

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.8.2

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.3.4

f5big-ip_advanced_web_application_firewallRange17.0.0–17.1.0.1

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5.4

f5big-ip_analyticsRange15.1.0–15.1.8.2

f5big-ip_analyticsRange16.1.0–16.1.3.4

f5big-ip_analyticsRange17.0.0–17.1.0.1

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5.4

f5big-ip_application_acceleration_managerRange15.1.0–15.1.8.2

f5big-ip_application_acceleration_managerRange16.1.0–16.1.3.4

f5big-ip_application_acceleration_managerRange17.0.0–17.1.0.1

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5.4

f5big-ip_application_security_managerRange15.1.0–15.1.8.2

f5big-ip_application_security_managerRange16.1.0–16.1.3.4

f5big-ip_application_security_managerRange17.0.0–17.1.0.1

f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5

f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5.4

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.8.2

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.3.4

f5big-ip_application_visibility_and_reportingRange17.0.0–17.1.0.1

f5big-ip_carrier-grade_natRange13.1.0–13.1.5

f5big-ip_carrier-grade_natRange14.1.0–14.1.5.4

f5big-ip_carrier-grade_natRange15.1.0–15.1.8.2

f5big-ip_carrier-grade_natRange16.1.0–16.1.3.4

f5big-ip_carrier-grade_natRange17.0.0–17.1.0.1

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.4

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.8.2

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.4

f5big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0.1

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5.4

f5big-ip_domain_name_systemRange15.1.0–15.1.8.2

f5big-ip_domain_name_systemRange16.1.0–16.1.3.4

f5big-ip_domain_name_systemRange17.0.0–17.1.0.1

f5big-ip_edge_gatewayRange13.1.0–13.1.5

f5big-ip_edge_gatewayRange14.1.0–14.1.5.4

f5big-ip_edge_gatewayRange15.1.0–15.1.8.2

f5big-ip_edge_gatewayRange16.1.0–16.1.3.4

f5big-ip_edge_gatewayRange17.0.0–17.1.0.1

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.4

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.8.2

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.4

f5big-ip_fraud_protection_serviceRange17.0.0–17.1.0.1

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5.4

f5big-ip_global_traffic_managerRange15.1.0–15.1.8.2

f5big-ip_global_traffic_managerRange16.1.0–16.1.3.4

f5big-ip_global_traffic_managerRange17.0.0–17.1.0.1

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5.4

f5big-ip_link_controllerRange15.1.0–15.1.8.2

f5big-ip_link_controllerRange16.1.0–16.1.3.4

f5big-ip_link_controllerRange17.0.0–17.1.0.1

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5.4

f5big-ip_local_traffic_managerRange15.1.0–15.1.8.2

f5big-ip_local_traffic_managerRange16.1.0–16.1.3.4

f5big-ip_local_traffic_managerRange17.0.0–17.1.0.1

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.4

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.8.2

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.4

f5big-ip_policy_enforcement_managerRange17.0.0–17.1.0.1

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5.4

f5big-ip_ssl_orchestratorRange15.1.0–15.1.8.2

f5big-ip_ssl_orchestratorRange16.1.0–16.1.3.4

f5big-ip_ssl_orchestratorRange17.0.0–17.1.0.1

f5big-ip_webacceleratorRange13.1.0–13.1.5

f5big-ip_webacceleratorRange14.1.0–14.1.5.4

f5big-ip_webacceleratorRange15.1.0–15.1.8.2

f5big-ip_webacceleratorRange16.1.0–16.1.3.4

f5big-ip_webacceleratorRange17.0.0–17.1.0.1

f5big-ip_websafeRange13.1.0–13.1.5

f5big-ip_websafeRange14.1.0–14.1.5.4

f5big-ip_websafeRange15.1.0–15.1.8.2

f5big-ip_websafeRange16.1.0–16.1.3.4

f5big-ip_websafeRange17.0.0–17.1.0.1

VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_web_application_firewall*cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_application_visibility_and_reporting*cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
f5big-ip_carrier-grade_nat*cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
f5big-ip_ddos_hybrid_defender*cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5big-ip_domain_name_system*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	*	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
f5	big-ip_advanced_firewall_manager	*	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
f5	big-ip_advanced_web_application_firewall	*	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
f5	big-ip_analytics	*	cpe:2.3:a:f5:big-ip_analytics::::::::
f5	big-ip_application_acceleration_manager	*	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
f5	big-ip_application_security_manager	*	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
f5	big-ip_application_visibility_and_reporting	*	cpe:2.3:a:f5:big-ip_application_visibility_and_reporting::::::::
f5	big-ip_carrier-grade_nat	*	cpe:2.3:a:f5:big-ip_carrier-grade_nat::::::::
f5	big-ip_ddos_hybrid_defender	*	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
f5	big-ip_domain_name_system	*	cpe:2.3:a:f5:big-ip_domain_name_system::::::::