CVE-2024-47139

CWE-804 documents4 sources

Severity

4.8MEDIUM

EPSS

0.8%

top 26.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-iq F5 Big-iq Centralized Management

Timeline

PublishedOct 16

Description

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

▶CVEListV5f5/big-iq8.0 — 8.2.0.1

▶NVDf5/big-iq_centralized_management8.2.0

🔴Vulnerability Details

GHSA

GHSA-mhrc-c9xr-f633: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the A↗2024-10-16

▶

CVEList

F5 BIG-IQ Vulnerability↗2024-10-16

▶

📋Vendor Advisories

CVE-2024-47139: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility t...↗2024-10-16

▶