CVE-2019-6639

2019-07-0318:26:41

www.cve.org

0.001 Low

EPSS

Percentile

22.1%

JSON

On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS.

CNA Affected

[
  {
    "product": "BIG-IP (AFM, PEM)",
    "vendor": "F5",
    "versions": [
      {
        "status": "affected",
        "version": "BIG-IP (AFM"
      },
      {
        "status": "affected",
        "version": "PEM) 14.1.0-14.1.0.5"
      },
      {
        "status": "affected",
        "version": "14.0.0-14.0.0.4"
      },
      {
        "status": "affected",
        "version": "13.0.0-13.1.1.4"
      },
      {
        "status": "affected",
        "version": "12.1.0-12.1.4"
      },
      {
        "status": "affected",
        "version": "11.6.1-11.6.3.4"
      },
      {
        "status": "affected",
        "version": "11.5.1-11.5.8"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109064

support.f5.com/csp/article/K61002104

0.001 Low

EPSS

Percentile

22.1%

JSON

Related for CVELIST:CVE-2019-6639