K24415506 : BIG-IP APM portal access reflected XSS vulnerability CVE-2020-5889

2020-04-3000:00:00

my.f5.com

0.001 Low

EPSS

Percentile

29.5%

JSON

Security Advisory Description

In BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. (CVE-2020-5889)

Impact

An attacker can craft a malicious URL and send it to a victim to launch a cross-site scripting (XSS) attack.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2

Rows per page:

1-10 of 1891

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for F5:K24415506