CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9257

In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2016-9257

F5 » Big-Ip Access Policy Manager » Version: 12.0.0

cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0
F5 » Big-Ip Access Policy Manager » Version: 12.1.0

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0
F5 » Big-Ip Access Policy Manager » Version: 12.1.1

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1
F5 » Big-Ip Access Policy Manager » Version: 12.1.2

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9257

Products

Pricing

Contact Us