CVE-2014-3959Cross-site Scripting in F5 Big-ip Access Policy Manager

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+11 more
Timeline
PublishedJun 3
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages14 packages

NVDf5/enterprise_manager3.0.0, 3.1.1+1
NVDf5/big-ip_link_controller11.2.1, 11.5.1+1
NVDf5/big-ip_analytics11.2.1, 11.5.1+1
NVDf5/big-ip_webaccelerator11.2.1, 11.3.0+1
NVDf5/big-ip_access_policy_manager11.2.1, 11.5.1+1

🔴Vulnerability Details

2
GHSA
GHSA-mc89-36j8-f6g6: Cross-site scripting (XSS) vulnerability in list2022-05-17
CVEList
CVE-2014-3959: Cross-site scripting (XSS) vulnerability in list2014-06-03
CVE-2014-3959 — Cross-site Scripting in F5 | cvebase