CVE-2016-7469 in BIG-IPinfo

Summary

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

09/09/2016

Disclosure

06/09/2017

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.8

EPSS

0.00269

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-7469
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7469
CVE Details	https://www.cvedetails.com/cve/CVE-2016-7469/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!