BIG-IP APM Portal Access vulnerability CVE-2020-5853

2020-01-1322:07:00

support.f5.com

0.001 Low

EPSS

Percentile

22.8%

JSON

In BIG-IP APM Portal Access, HTTP pages that are served by back-end servers and have special JavaScript code may cause internal name conflicts. (CVE-2020-5853)

Impact

BIG-IP APM

An attacker who can control JavaScript code served by back-end servers may bypass the client-side rewriting that BIG-IP APM Portal Access performs and launch a cross-site scripting (XSS) attack.

CPENameOperatorVersion
big-iq centralized managementle7.0.0
big-ip aamle16.0.0
big-ip afmle16.0.0
big-ip analyticsle16.0.0
big-ip apmle16.0.0
big-ip asmle16.0.0
big-ip dnsle16.0.0
big-ip fpsle16.0.0
big-ip gtmle16.0.0
big-ip link controllerle16.0.0

Name	Operator	Version
big-iq centralized management	le	7.0.0
big-ip aam	le	16.0.0
big-ip afm	le	16.0.0
big-ip analytics	le	16.0.0
big-ip apm	le	16.0.0
big-ip asm	le	16.0.0
big-ip dns	le	16.0.0
big-ip fps	le	16.0.0
big-ip gtm	le	16.0.0
big-ip link controller	le	16.0.0

Rows per page:

1-10 of 151

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for F5:K73183618