{"containers": {"cna": {"affected": [{"product": "BIG-IP", "vendor": "F5", "versions": [{"status": "unaffected", "version": "13.1.x"}, {"status": "unaffected", "version": "12.1.x"}, {"status": "unaffected", "version": "11.6.x"}, {"lessThan": "17.0.x*", "status": "unaffected", "version": "17.0.0", "versionType": "custom"}, {"lessThan": "16.1.2.2", "status": "affected", "version": "16.1.x", "versionType": "custom"}, {"lessThan": "15.1.5.1", "status": "affected", "version": "15.1.x", "versionType": "custom"}, {"lessThan": "14.1.4.6", "status": "affected", "version": "14.1.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "F5 acknowledges Long Tran Hoang of VSEC for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "datePublic": "2022-05-04T00:00:00", "descriptions": [{"lang": "en", "value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-05T16:37:48", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K70300233"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2022-05-04T14:00:00.000Z", "ID": "CVE-2022-28707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP", "version": {"version_data": [{"version_affected": "!>=", "version_name": "17.0.x", "version_value": "17.0.0"}, {"version_affected": "<", "version_name": "16.1.x", "version_value": "16.1.2.2"}, {"version_affected": "<", "version_name": "15.1.x", "version_value": "15.1.5.1"}, {"version_affected": "<", "version_name": "14.1.x", "version_value": "14.1.4.6"}, {"version_affected": "!", "version_name": "13.1.x", "version_value": "13.1.x"}, {"version_affected": "!", "version_name": "12.1.x", "version_value": "12.1.x"}, {"version_affected": "!", "version_name": "11.6.x", "version_value": "11.6.x"}]}}]}, "vendor_name": "F5"}]}}, "credit": [{"lang": "eng", "value": "F5 acknowledges Long Tran Hoang of VSEC for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K70300233", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K70300233"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:52.585Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.f5.com/csp/article/K70300233"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2022-28707", "datePublished": "2022-05-05T16:37:48.043480Z", "dateReserved": "2022-04-19T00:00:00", "dateUpdated": "2024-09-17T03:03:23.310Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25DAD24A-2D43-498E-BC43-183B669EA1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B25A33B9-2485-4D80-8F49-9B4688A39345", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E81E7-3E6A-46AD-827D-14046D93144E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9416AE8-7C48-4986-99E8-5F313715B6B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA6CE41-1D13-4A7A-94D8-C0D5740870A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29041413-B405-42A6-B9E9-A3E7C3AC1CB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F0C4673-2F1D-45B6-BC18-83EF68BA3601", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0148360C-1167-4FF9-B231-3D53890BD932", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "214D3CD8-6A1A-4119-B107-0363D34B3458", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6CA06267-4A87-4249-8A08-5A78BDCEE884", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF96CE38-E834-475C-92AD-97D904D8F831", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "702ACADF-C7FF-43C9-89A9-5F464718F800", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7E9747B-6167-4E8B-AF48-AA55C900C872", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "987AEEE0-9301-4F36-BB52-9C260741522F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "51A3D5FE-1B2D-44F3-83DF-BBB3DFBA2DBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "189D37B0-49A3-4369-8F85-325355BE5B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71B7081C-A869-402A-9C58-219B3225DB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA89EA2D-9053-4B84-AE93-208F7640750B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "153BBF00-C7A3-4654-A4F4-2F3DD54A5814", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BCA2C3F-7E1E-48EA-92CF-1AF5274F5012", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "950A7D6C-DCA1-4B8E-B3C2-15F1845FF0D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5788C636-64A1-4A9A-BB1A-EBC4ED80C59E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48F2498F-8691-4325-8B3D-E56A5CE3F3D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF19BEB3-1624-433C-9C6C-BE71752A5FCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "85E54209-6418-4ECE-91EE-A36D82E4AFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8332960-4AAE-4101-8FFF-2D07B6479BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3F5F2BF-708F-40F6-9BD0-4779DE9A1785", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC9FA335-23DF-4206-853A-934B41A20525", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DEE1D83B-7E70-4AF0-85BF-530FD1F66825", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41D3317C-4A3C-48D2-A56F-7D50E2CE7759", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "08E29063-889A-4499-AEAC-D79165EA34A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6550AF19-D3CD-4FD2-AABD-EF02579D0862", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "670D14AF-EF88-4F82-B295-30BE34745808", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BA899CE-26F3-42C5-8AF5-ABD2E3E01CB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "61795EB4-7DFF-4168-B1C3-375DA353C678", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C8D10D74-5C97-44DE-B667-3011BBA585F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2E0BDAB-9EB9-43FB-B49C-CC8440CAF1AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59742F26-53D5-49A7-B456-71FD322EFD97", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7DCF9E7-F55B-4448-A35A-42C26BA7123E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA0A9081-15D2-44F7-B66E-5C594F7C8066", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FF4312-2711-4526-B604-796E637139E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF145312-4BF7-4BD1-853C-4A3F6FDF2311", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B878A1C5-0FA9-46A6-93D3-9A15652CD2B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4E94B20-41C4-4441-A208-B44F1AFE79C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C32BB88-ECE9-49C1-B75D-D47A17399C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF25F766-7DF2-4BBB-881C-6C43C801126A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EB1E835-DDA7-4D3A-B92A-DF88CE9509F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9094D9E8-4B45-4714-9626-5866B17B0ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "967FD30D-8806-4C8A-BBCD-2C84FCA42BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D619D58E-D8A8-423C-BB46-EBEDCD887D92", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "530F58C3-EED0-4641-B71D-8F27006EBAD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "88C68A60-A500-45BA-AE56-C7B2F3122691", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF7EAF3C-66C8-43D2-B276-77D56CA6E63B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDEBE106-40F1-439C-8154-187D89988C3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C435C8-DA39-41AF-9E42-AE50C96F9C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "817F7B3C-1CAC-4BD3-BD1A-C271C9516701", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B89FE04-D25D-4FF0-9421-B8BED0F77997", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14612AC5-945C-4402-AFF0-5FCE11B7C785", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A03DD77-08C8-482F-8F79-48396ED0BF1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "219F951F-C59B-4844-8558-6D07D067DF7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE8FA530-5502-4FE1-A234-5E313D71B931", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6578F36C-12EF-49E4-9012-2ECCE8770A92", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "00141CBE-3AF5-40C3-B9D6-E9E61CFABECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FC4AD6-EC04-4BC0-8B13-6AE9805AA8F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1BC7E64-0621-487A-A612-C82CC040FD90", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46203B9C-8815-44FC-809B-A24F988CC5AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9AB53DF-7335-462E-B8CD-44DF0DCE3826", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C529A4BA-F1B7-4297-A9CC-2FF0EB2CB5AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "106CE093-FAED-499F-961B-11484D4A1508", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0092DB5-0E5B-44DE-8299-B8AFDD18526C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED3051-5100-4214-B212-C039F1CCCC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "74DEDC05-82FC-4AD5-9DDD-D0D68DA9E26D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4CDFC55-EE03-4A97-B122-1F459562B074", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AED85D4E-09B0-4A5F-9630-561731543064", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BADF2CC-1D6F-4711-ADD1-02AE987079FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "86B5BB56-DFB0-4859-9980-A72D69C0747B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B7851945-44BC-4B08-8156-EFC08793DC90", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6943EFA5-D2C4-4255-B175-6F876A06DE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "579581AF-464E-47E2-9345-1B29B8846346", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BDE33ED3-2629-456A-AC7E-62255D6E5FCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC4E36FE-C4C7-4C00-A65A-41F50FCE017D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1013320D-D0EE-461E-AF90-049F82AC910E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91918377-CD4C-40B6-A167-4F596EA9D2B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA222867-59E6-4C3E-8F4D-003D51D93BA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E83A8D13-E491-4CEA-8761-9C6B39CCD402", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E634D59-2B6D-49B8-A7BD-E2962CD2B455", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "382A68A9-76FE-4FCC-86A8-A96D9EBB5C8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DC0FF34-57F5-4454-9EDB-755F60EDC89B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "68E110D5-07A4-4D45-B623-D0A8894A0E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9784D592-2275-4B76-BABC-A68C5C995C36", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "93E7270E-62BF-4974-8ACD-D9E0A6AA77D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D211D419-03FA-4E64-9551-D19B73634E45", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E50E357C-95EC-4278-BB26-8BC94B92CC70", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46C7A912-01EE-4301-84A0-465F97C8F30B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D0954BD-CC9C-448F-A9C1-3FB71AB27D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BF46DCE-2603-4E61-87B8-352FF4111567", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B6989D6-DCB0-47C4-9884-3C7B9BB39652", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "35F63FB6-FD94-409A-A00B-7D73C6A35974", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "108A4319-E52F-4DFD-A5E2-7F0623FE0B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5756EA61-D0E4-4AC1-882D-71EE4BB6CEB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ADBB0BD-F67B-43AD-AC6C-4B5EEF37BFF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "427986E1-F438-42A5-AE19-D70C76C35DE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCFCE08F-8FEC-478A-8620-BACE3F78BC75", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E44E67B9-2A93-49AD-A8D8-A670D9F6DD0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EEEEB4CB-ADED-46F9-85F8-5B8319811B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "75641260-5656-4717-9912-FB3AF67DEC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D373DB4-A175-4196-AC1D-AD2F8845DE53", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE43C4B8-77B8-4AC0-BD92-33E19A7FD87D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B04EE3A2-A09D-41C3-A5F2-DAC007041B14", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71666E6B-8615-4D7B-9A7B-2F6D048FE086", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4841BDDC-DBDB-48C1-B841-DF3477A8A27C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "371D42CC-39CB-4F17-AF8F-195BC58F415D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C9A1D5B-D2A6-4AEE-989F-18C607FA51A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E847B072-2E86-416D-9D39-FD796770A0B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C55AD7A-B63D-4DCD-8222-28CBC64900C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "282D7673-A22C-4CCB-8476-0ACE0AEE4A90", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB3DF801-A0D8-43EE-92D6-8F0010CF1B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41122A97-81A2-4C3C-97F6-A89AA246503A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7AE56D9-DDA5-4F8C-8F37-3C1090A95349", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "79C95A86-994C-4F7C-A2E8-A688EE8E8286", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35E73A7E-5AFD-4E8F-97E9-3D3955B38CFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "588E8731-0160-4664-8BC4-45F7F55B58F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B147BB-1B2E-4F40-9FA7-1165B8F0B60D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A724B2F3-E3FA-456F-9581-0213358B654C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F6CE564-D51A-4ACE-8A09-CE65D1713EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C231E06C-1121-49BD-B5FB-CB45A4D10810", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D001D61-CC58-4FFF-9B1B-44046DB5FAD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "461C4C1D-B0F9-44EF-A535-BCE9FE501A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC35855-E381-49ED-B929-1B2F1E107615", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E2359AD-205D-49B8-821D-5569F63F91FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "56846B46-E0FC-4921-BE96-368F7CB2FB15", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5D8FCEF-C962-404B-8663-D11C277F9839", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C07A0B7-25D3-4599-9047-8FF889AD0A23", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E2B279F-8EE5-44FD-9EFE-48C652289CF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69C053C3-AFD9-4A24-83A8-08F8D5614ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "994D457F-259C-460E-A3E1-CB2F737A2181", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "73FB842B-33B1-4AD4-AC61-47192A87A785", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDE4D90-5AE4-4183-997E-188FF17D497E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05C36C95-6191-4C6F-978A-1303E4D75126", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4ABEFBF8-9888-4B1D-9912-97C501AFC895", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "98A1FBEB-A427-43A8-B2AB-2E331585D512", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1C2B883-EA96-4B51-865B-B1DE1561096C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C091449-089A-417E-B77C-A4EE1FB86597", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FB05CC1-69F8-4959-8666-D106C0D27826", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB971F-907D-49C8-8B59-EA3895394A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6F3E3A8-0AB8-4F89-961B-AE4BFDE979D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "65AC40D8-1554-4BB6-BD8A-055137A79E00", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7FB3D02-E919-4F91-8FF6-32E78593C014", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E26FB91C-AF0E-4996-8F52-FE4348152BC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "658A1401-D4C0-47C0-B932-FB46E04697C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "509A4307-3EC4-4AE7-AF72-3C2B3CF9E754", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "En F5 BIG-IP versiones 16.1.x anteriores a 16.1.2.2, las versiones 15.1.x anteriores a 15.1.5.1 y las versiones 14.1.x anteriores a 14.1.4.6, Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en una p\u00e1gina no revelada de la utilidad de configuraci\u00f3n de BIG-IP (tambi\u00e9n denominada BIG-IP TMUI) que permite a un atacante ejecutar JavaScript en el contexto del usuario que ha iniciado la sesi\u00f3n. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas"}], "id": "CVE-2022-28707", "lastModified": "2022-05-12T15:30:05.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2022-05-05T17:15:14.573", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K70300233"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "f5sirt@f5.com", "type": "Primary"}]}

{}