K31044532 : NGINX Controller vulnerability CVE-2020-5900

2020-06-1000:00:00

my.f5.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Security Advisory Description

Insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. (CVE-2020-5900)

Impact

An attacker can exploit this vulnerability by enticing a victim user to follow a malicious link. A successful exploit can allow the attacker to perform arbitrary actions on the web user interface with the privilege level of the victim user. For more information about CSRF, refer to <https://owasp.org/www-community/attacks/csrf>.

Note: This link takes you to a resource outside of AskF5, and the third party could remove the document without our knowledge.

CPENameOperatorVersion
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3

Rows per page:

1-10 of 2051