CVE-2016-7469
Severity
5.4 MEDIUM
EPSS
0.3%
top 49.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 9
Latest update: May 14
Description
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7
Affected Packages: 16 packages
🔴 Vulnerability Details (2)
GHSA
GHSA-j3wv-r8m8-mxcg: A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, D... (2022-05-14)
CVEList
CVE-2016-7469: A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, D... (2017-06-09)
📋 Vendor Advisories (1)
F5
CVE-2016-7469: A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM,... (2017-06-09)