Vulnerabilities > F5 > BIG IP Edge Gateway > 17.1.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-38138 Cross-site Scripting vulnerability in F5 products
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-79
6.1
6.1
2023-08-02 CVE-2023-38419 Improper Handling of Exceptional Conditions vulnerability in F5 products
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-755
4.3
4.3
2023-08-02 CVE-2023-38423 Cross-site Scripting vulnerability in F5 products
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-79
5.4
5.4