cvelist / F5 / CVELIST:CVE-2022-27662
History: May 05, 2022 - 4:29 p.m.

CVE-2022-27662

2022-05-05 16:29:10
CWE-1336
f5
www.cve.org
7
cve-2022-27662
cross-site template injection
f5 traffix sdc
configuration utility
server execution

CVSS3: 4.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7
Confidence: High

EPSS: 0.001
Percentile: 22.7%

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "product": "Traffix SDC",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "5.2.2",
        "status": "affected",
        "version": "5.2.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.35",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  }
]
