5 matches found
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
K42696541: F5 TMUI XSS vulnerability CVE-2020-5948
Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. CVE-2020-5948 Impact An attacker may exploit this vulnerability using a crafted URL t...
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
CVE-2020-5948
CVE-2020-5948 is an iControl REST reflected XSS in BIG-IP. Connected advisories (F5 K42696541) specify affected branches and fixed versions: BIG-IP 16.x vulnerable in 16.0.0; fixed in 16.0.1.1. 15.x vulnerable in 15.0.0–15.1.0; fixed in 15.1.1. 14.x vulnerable in 14.1.0–14.1.2; fixed in 14.1.2.8....
CVE-2020-5948 — F5 TMUI XSS vulnerability
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...