Sunday, March 14, 2021

F5 Networks: K66851119 (CVE-2021-22994): F5 TMUI XSS vulnerability

rapid7 vulnerabilities In: , 
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From K66851119:An attacker may exploit this vulnerability using a crafted URL to a reflected cross-site scripting (XSS) vulnerability in an undisclosed page of the Configuration utility, leading to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
Solution(s)
  • f5-big-ip-upgrade-latest


    • References
  • https://support.f5.com/csp/article/K02566623
  • https://support.f5.com/csp/article/K66851119
  • CVE-2021-22994




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore