Unknown
CVE-2023-38138
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-38138
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- big ip access policy manager
- big ip advanced firewall manager
- big ip advanced web application firewall
- big ip analytics
- big ip application acceleration manager
- big ip application security manager
- big ip application visibility and reporting
- big ip carrier grade nat
- big ip ddos hybrid defender
- big ip domain name system
- big ip edge gateway
- big ip fraud protection service
- big ip global traffic manager
- big ip link controller
- big ip local traffic manager
- big ip policy enforcement manager
- big ip ssl orchestrator
- big ip webaccelerator
- big ip websafe
References
Miscellaneous
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
