admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-230xx/CVE-2022-23013.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

193 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-23013",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2022-01-25T20:15:09.227",
"lastModified": "2022-02-02T18:43:26.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "En BIG-IP DNS & GTM versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4, 14.1.x anteriores a 14.1.4.4, y todas las versiones de 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) basada en el DOM en una p\u00e1gina no revelada de la utilidad de configuraci\u00f3n de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "11.6.5",
"matchCriteriaId": "678A0B9C-8DF1-4380-9E12-D3A3973DE2AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndIncluding": "12.1.6",
"matchCriteriaId": "D8B9C544-46AA-42EE-BDC0-7C21F0A266F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndIncluding": "13.1.4",
"matchCriteriaId": "99C43394-83EA-48C8-A129-9F7AB9218267"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.1.4.4",
"matchCriteriaId": "6CEA61DA-7C5A-44AB-95E2-3B1EFD4ABD5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.4",
"matchCriteriaId": "C8322730-8A09-4BC4-8FDD-29CC799BBED0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.1.0",
"matchCriteriaId": "B482DB60-D251-4478-83C9-073EE0759BF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "11.6.5",
"matchCriteriaId": "285E9090-E35E-4796-BD25-C06A793B26BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndIncluding": "12.1.6",
"matchCriteriaId": "038F2D0F-EBD4-48C6-A1BB-E32B469E5FA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndIncluding": "13.1.4",
"matchCriteriaId": "0BF33A2D-839D-4A8F-95A8-09B0F80921F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.1.4.4",
"matchCriteriaId": "5BC37431-92C5-414A-B960-D3D9423C0B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.4",
"matchCriteriaId": "AD9541A9-35D6-4349-817C-E32743A0F4FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.1.0",
"matchCriteriaId": "A701279F-6D0E-4282-AB53-B65F199BCDE3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.f5.com/csp/article/K29500533",
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink