CVE-2016-7469 Information
Feb 14, 2021
cve
Description
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM AAM AFM Analytics APM ASM DNS Edge Gateway GTM Link Controller PEM PSM WebAccelerator WOM and WebSafe version 12.0.0 - 12.1.2 11.4.0 - 11.6.1 and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges and it could cause the Configuration utility client to become unstable.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/95320 http://www.securitytracker.com/id/1037559 http://www.securitytracker.com/id/1037560 https://support.f5.com/csp/article/K97285349
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: