Unrated severity · NVD Advisory · Published Mar 13, 2019 · Updated Sep 16, 2024
CVE-2019-6600
Description
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.
Affected products
- F5, Inc./Big Ip (ltm, Aam, Afm, Analytics, Apm, Asm, DNS, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator) · cpe-rescue · Range: 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8
References
- www.securityfocus.com/bid/107470 (mitre, vdb-entry, x_refsource_BID)
- support.f5.com/csp/article/K23734425 (mitre, x_refsource_CONFIRM)