// For flags

CVE-2024-47139

F5 BIG-IQ Vulnerability

Severity Score

4.8
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.

 


Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en una página no revelada de la utilidad de configuración de BIG-IQ que permite a un atacante con el rol de administrador ejecutar JavaScript en el contexto del usuario que ha iniciado sesión en ese momento. Nota: Las versiones de software que han alcanzado el fin del soporte técnico (EoTS) no se evalúan.

*Credits: F5
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
Passive
System
Vulnerable | Subsequent
Confidentiality
None
Low
Integrity
None
Low
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-10-02 CVE Reserved
  • 2024-10-16 CVE Published
  • 2024-10-16 CVE Updated
  • 2024-10-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://my.f5.com/manage/s/article/K000141080 2024-10-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
F5
Search vendor "F5"
 BIG-IQ
Search vendor "F5" for product "BIG-IQ"
 >= 8.0.0.0 < 8.2.0.1
Search vendor "F5" for product "BIG-IQ" and version " >= 8.0.0.0 < 8.2.0.1"
en
Affected