CVE-2012-2975

2012-09-1118:55:01

CWE-79

certcc

web.nvd.nist.gov

cve-2012-2975

cross-site scripting

xss

asm

appliance

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.

Affected configurations

Nvd

Node

f5application_security_manager_applianceMatch10.0.0

f5application_security_manager_applianceMatch11.2.0hf2

VendorProductVersionCPE
f5application_security_manager_appliance10.0.0cpe:2.3:h:f5:application_security_manager_appliance:10.0.0:*:*:*:*:*:*:*
f5application_security_manager_appliance11.2.0cpe:2.3:h:f5:application_security_manager_appliance:11.2.0:hf2:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	application_security_manager_appliance	10.0.0	cpe:2.3:h:f5:application_security_manager_appliance:10.0.0:::::::*
f5	application_security_manager_appliance	11.2.0	cpe:2.3:h:f5:application_security_manager_appliance:11.2.0:hf2::::::