Details of VAR-201902-0137

ID

VAR-201902-0137

CVE

CVE-2019-6589

TITLE

plural F5 BIG-IP Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-001340

DESCRIPTION

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. plural F5 BIG-IP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. F5 BIG-IP TMUI is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Traffic Management User Interface (TMUI) is one of the user management interfaces. A remote attacker can exploit this vulnerability to execute JavaScript code. The following products and versions are affected: F5 BIG-IP LTM Version 14.0.0, Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP AAM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AFM 14.0.0, 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP Analytics Version 14.0.0, Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1 .3, 11.6.0 to 11.6.3; BIG-IP APM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6. 3 versions; BIG-IP ASM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP DNS 14.0.0 , Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP Edge Gateway Version 14.0.0, Version 13.0.0 to Version 13.1.1 , version 12.1.0 to version 12.1.3, version 11.6.0 to version 11.6.3; BIG-IP FPS version 14.0.0, version 13.0.0 to 13.1

Trust: 1.98

sources: NVD: CVE-2019-6589 // JVNDB: JVNDB-2019-001340 // BID: 107028 // VULHUB: VHN-158024

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	11.6.3.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	11.6.3.3	Trust: 0.3

sources: BID: 107028 // JVNDB: JVNDB-2019-001340 // NVD: CVE-2019-6589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6589
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6589
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-1037
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158024
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6589
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158024
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6589
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-158024 // JVNDB: JVNDB-2019-001340 // CNNVD: CNNVD-201901-1037 // NVD: CVE-2019-6589

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-158024 // JVNDB: JVNDB-2019-001340 // NVD: CVE-2019-6589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-1037

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201901-1037

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001340

PATCH

title:	K23566124	url:	https://support.f5.com/csp/article/K23566124	Trust: 0.8
title:	Multiple F5 product Traffic Management User Interface Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89061	Trust: 0.6

sources: JVNDB: JVNDB-2019-001340 // CNNVD: CNNVD-201901-1037

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6589	Trust: 2.8
db:	JVNDB	id:	JVNDB-2019-001340	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-1037	Trust: 0.7
db:	BID	id:	107028	Trust: 0.3
db:	VULHUB	id:	VHN-158024	Trust: 0.1

sources: VULHUB: VHN-158024 // BID: 107028 // JVNDB: JVNDB-2019-001340 // CNNVD: CNNVD-201901-1037 // NVD: CVE-2019-6589

REFERENCES

url:	https://support.f5.com/csp/article/k23566124	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6589	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6589	Trust: 0.8
url:	http://www.f5.com/	Trust: 0.3

sources: VULHUB: VHN-158024 // BID: 107028 // JVNDB: JVNDB-2019-001340 // CNNVD: CNNVD-201901-1037 // NVD: CVE-2019-6589

CREDITS

Mukhammad Khalilov of the HelpAG company

Trust: 0.3

sources: BID: 107028

SOURCES

db:	VULHUB	id:	VHN-158024
db:	BID	id:	107028
db:	JVNDB	id:	JVNDB-2019-001340
db:	CNNVD	id:	CNNVD-201901-1037
db:	NVD	id:	CVE-2019-6589

LAST UPDATE DATE

2024-11-23T22:45:06.505000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158024	date:	2019-02-14T00:00:00
db:	BID	id:	107028	date:	2019-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-001340	date:	2019-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201901-1037	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2019-6589	date:	2024-11-21T04:46:45.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158024	date:	2019-02-14T00:00:00
db:	BID	id:	107028	date:	2019-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-001340	date:	2019-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201901-1037	date:	2019-01-31T00:00:00
db:	NVD	id:	CVE-2019-6589	date:	2019-02-14T00:29:00.213