Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K70300233
HistoryMay 04, 2022 - 12:00 a.m.

K70300233 : BIG-IP TMUI XSS vulnerability CVE-2022-28707

2022-05-0400:00:00
my.f5.com
44
big-ip
xss
configuration utility

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Security Advisory Description

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. (CVE-2022-28707)

Impact

An authenticated attacker with at least a guest role may exploit this vulnerability by storing malicious HTML or JavaScript code in the BIG-IP Configuration utility. If successful, an attacker can run JavaScript in the context of the currently logged-in user. In the case of an administrative user with access to the Advanced Shell (bash), an attacker can leverage successful exploitation of this vulnerability to compromise the BIG-IP system. This is a control plane issue; there is no data plane exposure.

Related

prion 1
cnvd 1
nvd 1
nessus 1
cve 1
cvelist 1
f5 1
prion
prion
Cross site scripting
2022-05-05 17:15:00
cnvd
cnvd
F5 BIG-IP TMUI Cross-Site Scripting Vulnerability (CNVD-2022-77533)
2022-05-07 00:00:00
nvd
nvd
CVE-2022-28707
2022-05-05 17:15:14
nessus
nessus
F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K70300233)
2022-05-05 00:00:00
cve
cve
CVE-2022-28707
2022-05-05 17:15:14
cvelist
cvelist
CVE-2022-28707
2022-05-05 16:37:48
f5
f5
K55879220 : Overview of F5 vulnerabilities (May 2022)
2022-05-04 00:00:00

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON
Related for F5:K70300233
prion1cnvd1nvd1nessus1cve1cvelist1f51