K12002065 : BIG-IP ASM XSS vulnerability CVE-2020-5932

2020-10-2800:00:00

my.f5.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Security Advisory Description

A cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. (CVE-2020-5932)

Impact

This vulnerability allows an authenticated attacker to execute a cross-site scripting (XSS) attack when another BIG-IP ASM authenticated administrative user previews the blocking page response body. The blocking page response body is located on the Blocking Page Default section of the Blocking and Response Pages tab in the security policy configuration.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 2881