Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-27202) Impact An attacker may exploit this vulnerability by causing an authenticated user to visit a malicious website that the administrator's browser considers to be within the same origin as the BIG-IP Configuration utility (for example, in the same domain). If successful, an attacker can run JavaScript in the context of the currently logged-in user. This is a control plane issue; there is no data plane…Read More
K000138520 : BIG-IP Configuration utility vulnerability CVE-2024-27202
