CVE-2016-7469
MEDIUMBIG-IP LTM 11.2.1-12.1.2 - Authenticated Stored Cross-Site Scripting in Configuration Utility Device Name Change Page
Title source: llmDescription
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K97285349
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037559
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95320
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037560
Scores
CVSS v3
5.4
EPSS
0.0027
EPSS Percentile
50.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (50)
f5/big-ip_access_policy_manager
11.2.1
f5/big-ip_access_policy_manager
11.4.0
f5/big-ip_access_policy_manager
11.4.1
f5/big-ip_access_policy_manager
11.5.0
f5/big-ip_access_policy_manager
11.5.1
f5/big-ip_access_policy_manager
11.5.2
f5/big-ip_access_policy_manager
11.5.3
f5/big-ip_access_policy_manager
11.5.4
f5/big-ip_access_policy_manager
11.6.0
f5/big-ip_access_policy_manager
11.6.1
... and 40 more
Published
Jun 09, 2017
Tracked Since
Feb 18, 2026