Lucene search
F5F5:K66851119HistoryMar 10, 2021 - 12:00 a.m.
K66851119 : F5 TMUI XSS vulnerability CVE-2021-22994
2021-03-1000:00:00
my.f5.com
12
Security Advisory Description
Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. (CVE-2021-22994)
Impact
An attacker may exploit this vulnerability using a crafted URL to a reflected cross-site scripting (XSS) vulnerability in an undisclosed page of the Configuration utility, leading to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
Related
nvd
nvd
cvelist
cvelist
cve
cve
prion
prion
Cross site scripting
2021-03-31 18:15:00
Code injection
2021-03-31 18:15:00
Cross site scripting
2020-12-11 19:15:00
nessus
nessus
F5 Networks BIG-IP : F5 TMUI XSS vulnerability (K66851119)
2021-03-10 00:00:00
F5 Networks BIG-IP : TMM vulnerability (K37451543)
2021-04-01 00:00:00
F5 Networks BIG-IP : F5 TMUI XSS vulnerability (K42696541)
2020-12-11 00:00:00
f5
f5
K23022557 : The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP
2017-03-06 00:00:00
K88162221 : The BIG-IP ASM system may not properly perform signature checks on cookies
2021-02-10 00:00:00
K37451543 : TMM vulnerability CVE-2021-23007
2021-03-19 00:00:00
attackerkb
attackerkb
CVE-2020-5948 — F5 TMUI XSS vulnerability
2020-12-11 00:00:00
rapid7blog
rapid7blog