VYPR
Unrated severityNVD Advisory· Published Mar 28, 2019· Updated Aug 4, 2024

CVE-2019-6607

CVE-2019-6607

Description

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.

Affected products

2
  • F5, Inc./Big IPllm-fuzzy
    Range: >=11.5.1 <=11.5.8, >=11.6.1 <=11.6.3, >=12.1.0 <=12.1.3, >=13.0.0 <=13.1.1.3, >=14.0.0 <=14.0.0.2
  • BIG-IP/BIG-IP (ASM)v5
    Range: 11.5.1-11.5.8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.