cbcvebase.
CVE-2019-6600
published 2019-03-13

CVE-2019-6600: In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.

Affected

78 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager11.5.1 – 11.5.8
f5big-ip_access_policy_manager11.6.1 – 11.6.3.2
f5big-ip_access_policy_manager12.1.0 – 12.1.3.7
f5big-ip_access_policy_manager13.0.0 – 13.1.1.3
f5big-ip_access_policy_manager14.0.0 – 14.0.0.2
f5big-ip_advanced_firewall_manager11.5.1 – 11.5.8
f5big-ip_advanced_firewall_manager11.6.1 – 11.6.3.2
f5big-ip_advanced_firewall_manager12.1.0 – 12.1.3.7
f5big-ip_advanced_firewall_manager13.0.0 – 13.1.1.3
f5big-ip_advanced_firewall_manager14.0.0 – 14.0.0.2
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics11.5.1 – 11.5.8
f5big-ip_analytics11.6.1 – 11.6.3.2
f5big-ip_analytics12.1.0 – 12.1.3.7
f5big-ip_analytics13.0.0 – 13.1.1.3
f5big-ip_analytics14.0.0 – 14.0.0.2
f5big-ip_apm
f5big-ip_application_acceleration_manager11.5.1 – 11.5.8
f5big-ip_application_acceleration_manager11.6.1 – 11.6.3.2
f5big-ip_application_acceleration_manager12.1.0 – 12.1.3.7
f5big-ip_application_acceleration_manager13.0.0 – 13.1.1.3
f5big-ip_application_acceleration_manager14.0.0 – 14.0.0.2
f5big-ip_application_security_manager11.5.1 – 11.5.8