Vulnerability Description
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Advanced Firewall Manager | 11.3.0 |
| F5 | Big-Ip Policy Enforcement Manager | 11.3.0 |
| F5 | Big-Ip Application Security Manager | 10.1.0 |
| F5 | Big-Ip Application Acceleration Manager | 11.4.0 |
| F5 | Enterprise Manager | 3.0.0 |
| F5 | Big-Ip Edge Gateway | 10.1.0 |
| F5 | Big-Ip Global Traffic Manager | 10.1.0 |
| F5 | Big-Ip Link Controller | 10.1.0 |
| F5 | Big-Ip Local Traffic Manager | 10.1.0 |
| F5 | Big-Ip Access Policy Manager | 10.1.0 |
| F5 | Big-Ip Protocol Security Module | 10.1.0 |
| F5 | Big-Ip Webaccelerator | 10.1.0 |
| F5 | Big-Ip Wan Optimization Manager | 10.1.0 |
| F5 | Big-Ip Analytics | 11.0.0 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1030776
- https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.htmlVendor Advisory
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-Exploit
- http://www.securitytracker.com/id/1030776
- https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.htmlVendor Advisory
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-Exploit
FAQ
What is CVE-2014-4023?
CVE-2014-4023 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AA...
How severe is CVE-2014-4023?
CVE-2014-4023 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4023?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Policy Enforcement Manager, F5 Big-Ip Application Security Manager, F5 Big-Ip Application Acceleration Manager, F5 Enterprise Manager.