Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for BIG-IP (AFM, ASM) by F5

    CVE-2019-6636 (GCVE-0-2019-6636)

    Vulnerability from nvd – Published: 2019-07-03 18:17 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.
    Severity
    No CVSS data available.
    CWE
    • XSS/CSRF
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K68151373 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/109108 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 BIG-IP (AFM, ASM) Affected: BIG-IP (AFM
    Affected: ASM) 14.1.0-14.1.0.5
    Affected: 14.0.0-14.0.0.4
    Affected: 13.0.0-13.1.1.4
    Affected: 12.1.0-12.1.4
    Affected: 11.5.1-11.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K68151373"
              },
              {
                "name": "109108",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (AFM, ASM)",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP (AFM"
                },
                {
                  "status": "affected",
                  "version": "ASM) 14.1.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.4"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS/CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-11T08:06:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K68151373"
            },
            {
              "name": "109108",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109108"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (AFM, ASM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP (AFM"
                              },
                              {
                                "version_value": "ASM) 14.1.0-14.1.0.5"
                              },
                              {
                                "version_value": "14.0.0-14.0.0.4"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.4"
                              },
                              {
                                "version_value": "12.1.0-12.1.4"
                              },
                              {
                                "version_value": "11.5.1-11.6.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS/CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K68151373",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K68151373"
                },
                {
                  "name": "109108",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109108"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6636",
        "datePublished": "2019-07-03T18:17:07.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6636 (GCVE-0-2019-6636)

    Vulnerability from cvelistv5 – Published: 2019-07-03 18:17 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.
    Severity
    No CVSS data available.
    CWE
    • XSS/CSRF
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K68151373 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/109108 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 BIG-IP (AFM, ASM) Affected: BIG-IP (AFM
    Affected: ASM) 14.1.0-14.1.0.5
    Affected: 14.0.0-14.0.0.4
    Affected: 13.0.0-13.1.1.4
    Affected: 12.1.0-12.1.4
    Affected: 11.5.1-11.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K68151373"
              },
              {
                "name": "109108",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (AFM, ASM)",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP (AFM"
                },
                {
                  "status": "affected",
                  "version": "ASM) 14.1.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.4"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS/CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-11T08:06:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K68151373"
            },
            {
              "name": "109108",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109108"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (AFM, ASM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP (AFM"
                              },
                              {
                                "version_value": "ASM) 14.1.0-14.1.0.5"
                              },
                              {
                                "version_value": "14.0.0-14.0.0.4"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.4"
                              },
                              {
                                "version_value": "12.1.0-12.1.4"
                              },
                              {
                                "version_value": "11.5.1-11.6.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS/CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K68151373",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K68151373"
                },
                {
                  "name": "109108",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109108"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6636",
        "datePublished": "2019-07-03T18:17:07.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }