On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K57735782 | Vendor Advisory |
https://support.f5.com/csp/article/K57735782 | Vendor Advisory |
Configurations
History
21 Nov 2024, 06:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.f5.com/csp/article/K57735782 - Vendor Advisory |
27 Jun 2023, 19:02
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 5.4 |
CWE | CWE-79 |
01 Feb 2022, 16:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:nginx_controller_api_management:*:*:*:*:*:*:*:* | |
CWE | CWE-94 | |
References | (MISC) https://support.f5.com/csp/article/K57735782 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.1 |
25 Jan 2022, 20:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-25 20:15
Updated : 2024-11-21 06:47
NVD link : CVE-2022-23008
Mitre link : CVE-2022-23008
CVE.ORG link : CVE-2022-23008
JSON object : View
Products Affected
f5
- nginx_controller_api_management