Home

CVE-2019-6636

Description

On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.

Risk Information

Base Score
8.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.19

Associated Vulnerability

VulnerabilityOS Platform
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2019-6636)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234