CVE-2024-47139 MEDIUM

CVE-2024-47139: F5 BIG-IQ Vulnerability

Vendor F5
Product BIG-IQ
Weakness CWE-80 · XSS · basic
Published October 16, 2024
Last update October 16, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

October 16, 2024 CVE published
October 16, 2024 Record updated