F5 BIG-IP APM
Moderate fix4 remedies
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*
Moderate fix4 remedies
- >= 17.5.0, <= 17.5.1
- >= 17.1.0, <= 17.1.2
- >= 16.1.0, <= 16.1.6
- >= 15.1.0, <= 15.1.10
F5 BIG-IP APM Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in BIG-IP APM versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.6, and 17.1.0 through 17.1.2. This vulnerability allows an attacker to execute JavaScript in the context of a targeted logged-out user by sending a crafted URL that is reflected back and executed by the user's web browser.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the context of the affected user.
Remediation
Users can upgrade to BIG-IP APM versions 17.5.1.3 or 16.1.6.1 to address this vulnerability. For those on the 15.x branch, version 15.1.10.8 is available. Consult the F5 BIG-IP hotfix and point release matrix for more details.
Added: Oct 15, 2025, 4:29 PM
Updated: Oct 15, 2025, 4:29 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
6.5remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.