CVE-2022-27662
Summary
| CVE | CVE-2022-27662 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-05 17:15:00 UTC |
| Updated | 2022-05-13 16:41:00 UTC |
| Description | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Risk And Classification
Problem Types: CWE-1336
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Traffix Signaling Delivery Controller | 5.1.0 | All | All | All |
| Application | F5 | Traffix Signaling Delivery Controller | 5.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K24248011 | MISC | support.f5.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.
There are currently no legacy QID mappings associated with this CVE.