CVE-2023-38138

Severity: 6.1 MEDIUM
EPSS: 0.5% (top 33.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 2

Description

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (20 packages)

CVEListV5 | f5/big-ip | 17.1.0 | 17.1.0.2 | +4
NVD | f5/big-ip_websafe | 14.1.0 | 14.1.5.5 | +4
NVD | f5/big-ip_analytics | 14.1.0 | 14.1.5.5 | +4
NVD | f5/big-ip_edge_gateway | 14.1.0 | 14.1.5.5 | +4
NVD | f5/big-ip_webaccelerator | 14.1.0 | 14.1.5.5 | +4

🔴 Vulnerability Details (2)

GHSA | GHSA-2654-qm47-j43q: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run | 2023-08-02
CVEList | BIG-IP Configuration utility vulnerability | 2023-08-02

📋 Vendor Advisories (1)

F5 | CVE-2023-38138: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utilit... | 2023-08-02