Lucene search
HistoryJul 01, 2020 - 3:15 p.m.
CVE-2020-5903
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
43.9%
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
Affected configurations
Node
f5big-ip_access_policy_managerRange12.1.0–12.1.5
ORf5big-ip_access_policy_managerRange13.1.0–13.1.3
ORf5big-ip_access_policy_managerRange14.1.0–14.1.2
ORf5big-ip_access_policy_managerRange15.0.0–15.1.0
ORf5big-ip_advanced_firewall_managerRange12.1.0–12.1.5
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.3
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.2
ORf5big-ip_advanced_firewall_managerRange15.0.0–15.1.0
ORf5big-ip_analyticsRange12.1.0–12.1.5
ORf5big-ip_analyticsRange13.1.0–13.1.3
ORf5big-ip_analyticsRange14.1.0–14.1.2
ORf5big-ip_analyticsRange15.0.0–15.1.0
ORf5big-ip_application_acceleration_managerRange12.1.0–12.1.5
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.3
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.2
ORf5big-ip_application_acceleration_managerRange15.0.0–15.1.0
ORf5big-ip_application_security_managerRange12.1.0–12.1.5
ORf5big-ip_application_security_managerRange13.1.0–13.1.3
ORf5big-ip_application_security_managerRange14.1.0–14.1.2
ORf5big-ip_application_security_managerRange15.0.0–15.1.0
ORf5big-ip_domain_name_systemRange12.1.0–12.1.5
ORf5big-ip_domain_name_systemRange13.1.0–13.1.3
ORf5big-ip_domain_name_systemRange14.1.0–14.1.2
ORf5big-ip_domain_name_systemRange15.0.0–15.1.0
ORf5big-ip_fraud_protection_serviceRange12.1.0–12.1.5
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.3
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.2
ORf5big-ip_fraud_protection_serviceRange15.0.0–15.1.0
ORf5big-ip_global_traffic_managerRange12.1.0–12.1.5
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.3
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.2
ORf5big-ip_global_traffic_managerRange15.0.0–15.1.0
ORf5big-ip_link_controllerRange12.1.0–12.1.5
ORf5big-ip_link_controllerRange13.1.0–13.1.3
ORf5big-ip_link_controllerRange14.1.0–14.1.2
ORf5big-ip_link_controllerRange15.0.0–15.1.0
ORf5big-ip_local_traffic_managerRange12.1.0–12.1.5
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.3
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.2
ORf5big-ip_local_traffic_managerRange15.0.0–15.1.0
ORf5big-ip_policy_enforcement_managerRange12.1.0–12.1.5
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.3
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.2
ORf5big-ip_policy_enforcement_managerRange15.0.0–15.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_advanced_firewall_manager | * | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_analytics | * | cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_acceleration_manager | * | cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_security_manager | * | cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_domain_name_system | * | cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* |
| f5 | big-ip_fraud_protection_service | * | cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* |
| f5 | big-ip_global_traffic_manager | * | cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_link_controller | * | cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* |
| f5 | big-ip_local_traffic_manager | * | cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* |
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K43638305)
2020-07-01 00:00:00
prion
prion
Cross site scripting
2020-07-01 15:15:00
f5
f5
K43638305 : BIG-IP TMUI XSS vulnerability CVE-2020-5903
2020-07-01 00:00:00
K31301245 : TMUI CSRF vulnerability CVE-2020-5904
2020-07-01 00:00:00
cve
cve
CVE-2020-5903
2020-07-01 15:15:15
ptsecurity
ptsecurity
cvelist
cvelist
CVE-2020-5903
2020-07-01 14:42:00
qualysblog
qualysblog
F5 BIG-IP Remote Code Execution Vulnerability (CVE-2020-5902)
2020-07-06 23:09:52
thn
thn
Critical RCE Flaw Affects F5 BIG-IP Application Security Servers
2020-07-04 14:20:00
trendmicroblog
trendmicroblog
threatpost
threatpost
Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
2020-07-17 20:59:33
Admins Urged to Patch Critical F5 Flaw Under Active Attack
2020-07-06 19:06:20
cert
cert
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
43.9%
Related for NVD:CVE-2020-5903