Skip to main content

Traffix Signaling Delivery Controller CVE-2022-27880

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-05-05 f5sirt@f5.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 05, 2022 - 17:15 nvd
MEDIUM 4.8

DescriptionNVD

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

AnalysisAI

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Affected products include: F5 Traffix Signaling Delivery Controller. Version information: prior to 5.2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-5436 HIGH POC
7.8 May 28

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4

CVE-2019-9077 HIGH POC
7.8 Feb 24

An issue was discovered in GNU Binutils 2.32. Rated high severity (CVSS 7.8), this vulnerability is no authentication re

CVE-2019-9070 HIGH POC
7.8 Feb 24

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. Rated high severity (CVSS 7.8), this vuln

CVE-2018-14634 HIGH POC
7.8 Sep 25

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), t

CVE-2019-13050 HIGH POC
7.5 Jun 29

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes i

CVE-2018-20002 MEDIUM POC
5.5 Dec 10

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distri

CVE-2015-5738 HIGH
7.5 Jul 26

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on L

CVE-2019-16714 HIGH
7.5 Sep 23

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information

CVE-2019-13565 HIGH
7.5 Jul 26

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely ex

CVE-2019-11479 HIGH
7.5 Jun 19

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. Rated high severity (CVSS 7.5),

CVE-2019-11478 HIGH
7.5 Jun 19

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be

CVE-2019-11477 HIGH
7.5 Jun 19

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux

Share

CVE-2022-27880 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy