QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-6607

Back to search

CVE-2019-6607

Published: Mar 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.

VendorProductVersions

BIG-IP

BIG-IP (ASM)

affected
11.5.1-11.5.8
affected
11.6.1-11.6.3
affected
12.1.0-12.1.3
affected
13.0.0-13.1.1.3
affected
14.0.0-14.0.0.2

References

107630
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now