First published: Wed May 04 2022(Updated: )
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 Traffix Signaling Delivery Controller | =5.1.0 | |
F5 Traffix Signaling Delivery Controller | =5.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27662 is a stored Cross-Site Template Injection vulnerability in F5 Traffix SDC versions prior to 5.2.2 and 5.1.35.
CVE-2022-27662 has a severity level of medium with a CVSS score of 4.8.
The affected software for CVE-2022-27662 is F5 Traffix SDC versions prior to 5.2.2 and 5.1.35.
An attacker can exploit CVE-2022-27662 by executing template language-specific instructions in the context of the Traffix SDC Configuration utility.
To mitigate CVE-2022-27662, it is recommended to update F5 Traffix SDC to version 5.2.2 or 5.1.35.