CVE-2019-6600 — Cross-site Scripting in F5 Big-ip Access Policy Manager
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 41.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 13
Latest updateMay 14
Description
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7