CVE-2022-27662
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 | Traffix SDC | 5.2.x < 5.2.2 | affected |
| F5 | Traffix SDC | 5.1.x < 5.1.35 | affected |
Weaknesses
- CWE-1336: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.