cbcvebase.
CVE-2023-27378
published 2023-05-03

CVE-2023-27378: Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected

120 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip>= 13.1.0 < **
f5big-ip>= 14.1.0 < 14.1.5.414.1.5.4
f5big-ip>= 15.1.0 < 15.1.8.215.1.8.2
f5big-ip>= 16.1.0 < 16.1.3.416.1.3.4
f5big-ip>= 17.0.0 < **
f5big-ip>= 17.1.0 < 17.1.0.117.1.0.1
f5big-ip_aam
f5big-ip_access_policy_manager13.1.0 – 13.1.5
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.5.414.1.5.4
f5big-ip_access_policy_manager>= 15.1.0 < 15.1.8.215.1.8.2
f5big-ip_access_policy_manager>= 16.1.0 < 16.1.3.416.1.3.4
f5big-ip_access_policy_manager>= 17.0.0 < 17.1.0.117.1.0.1
f5big-ip_advanced_firewall_manager13.1.0 – 13.1.5
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.5.414.1.5.4
f5big-ip_advanced_firewall_manager>= 15.1.0 < 15.1.8.215.1.8.2
f5big-ip_advanced_firewall_manager>= 16.1.0 < 16.1.3.416.1.3.4
f5big-ip_advanced_firewall_manager>= 17.0.0 < 17.1.0.117.1.0.1
f5big-ip_advanced_waf
f5big-ip_advanced_web_application_firewall13.1.0 – 13.1.5
f5big-ip_advanced_web_application_firewall>= 14.1.0 < 14.1.5.414.1.5.4
f5big-ip_advanced_web_application_firewall>= 15.1.0 < 15.1.8.215.1.8.2
f5big-ip_advanced_web_application_firewall>= 16.1.0 < 16.1.3.416.1.3.4
f5big-ip_advanced_web_application_firewall>= 17.0.0 < 17.1.0.117.1.0.1
f5big-ip_afm
f5big-ip_analytics