CVE-2021-23054Cross-site Scripting in F5 Big-ip Access Policy Manager

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 36.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Access Policy ManagerF5 Big-ip APM
Timeline
PublishedSep 27
Latest updateMay 24

Description

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDf5/big-ip_access_policy_manager14.1.014.1.4.4+5
CVEListV5f5/big-ip_apm16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x

🔴Vulnerability Details

2
GHSA
GHSA-vc3p-6px8-c3cx: On version 162022-05-24
CVEList
CVE-2021-23054: On version 162021-09-27

📋Vendor Advisories

1
F5
CVE-2021-23054: On version 162021-09-27
CVE-2021-23054 — Cross-site Scripting in F5 | cvebase