A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Changed
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
User Interaction Required
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:S/C:N/I:P/A:N
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95320 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037559 | |
http://www.securitytracker.com/id/1037560 | |
https://support.f5.com/csp/article/K97285349 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2017-06-09T15:00:00
Updated: 2017-07-26T09:57:01
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7469
JSON object: View
NVD Information
Status : Modified
Published: 2017-06-09T15:29:00.180
Modified: 2019-06-06T15:11:36.407
Link: CVE-2016-7469
JSON object: View
Redhat Information
No data.
CWE