CVE-2019-6657

{"id": "CVE-2019-6657", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-11-01T15:15:11.387", "references": [{"url": "https://support.f5.com/csp/article/K22441651", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility."}, {"lang": "es", "value": "En BIG-IP versiones 13.1.0 hasta 13.1.3.1, 12.1.0 hasta 12.1.5 y 11.5.2 hasta 11.6.5.1, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en una p\u00e1gina no revelada de la BIG-IP Traffic Management User Interface (TMUI) , tambi\u00e9n conocida como la utilidad BIG-IP Configuration."}], "lastModified": "2019-11-05T22:12:05.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6917369-D3C2-42EB-B73B-F86CE2F17401", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F1C68BC-A3EF-4205-AD00-68CB3A8C65AF", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "039E73A1-9F90-46A4-BFEE-5E97BAF3FAA6", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF552D91-612A-43E1-B2D6-02E2515FEA22", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB5A624E-40A1-4F75-8B9A-FA56510C19EE", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0772A366-87B9-40EC-9F63-AE0FF0EF5002", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "596A35D8-3644-4C45-99AC-4D201F170B83", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AC8FD5C-AE1A-4484-BB6F-EBB6A48D21F8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85EE39BF-86AA-498B-BF51-EDCD7BD01376", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FCB6C17-33AC-4E5E-8633-7490058CA51F", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA776514-AF68-4292-931E-290310EB0939", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D879CE9-E793-41A5-8C20-9BE90BCB012C", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A8A5C3-0C38-4F46-8F98-DC3B9C58D660", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35AC237-573B-4309-87EF-3945FA2449BF", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E945EE-A623-4775-83B9-4CF81B7EA70F", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6C3F50-BD60-4A8C-8DBB-680DA4D6BE6D", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92484170-2E91-45F6-9789-B0DF3F5E6260", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB07E847-6083-4CC8-8A62-6B9744B87088", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A16FE69-A466-4FA6-BDDA-794C9F2B36FD", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0620AA57-83D1-41E6-8ABB-99F3FABB10F0", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43581457-5C55-4B31-BEFA-4B59B2744BB8", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6704F0A6-16E2-4C2D-B5BD-EDDEAD5C153C", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FAB378B-D08A-4B50-BD7D-51F9B461FED5", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F8860F9-2599-4463-AD42-7AF1FD64819B", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A53C692-D353-42E3-9148-F850DA11884F", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}