A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 27 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2024-09-27T21:57:58.771Z

Reserved: 2023-07-17T22:41:24.591Z

Link: CVE-2023-38423

cve-icon Vulnrichment

Updated: 2024-08-02T17:39:13.615Z

cve-icon NVD

Status : Modified

Published: 2023-08-02T16:15:10.730

Modified: 2024-11-21T08:13:32.247

Link: CVE-2023-38423

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.