cbcvebase.
CVE-2020-5916
published 2020-08-26

CVE-2020-5916: In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads…

medium6.8CVSS 3.1
AVNACLPRHUINSCCHINAN
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_access_policy_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_advanced_firewall_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_advanced_firewall_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_analytics>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_apm
f5big-ip_application_acceleration_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_application_acceleration_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_application_security_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_application_security_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_asm
f5big-ip_ddos_hybrid_defender>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_ddos_hybrid_defender>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_dhd
f5big-ip_dns
f5big-ip_domain_name_system>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_domain_name_system>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_fps
f5big-ip_fraud_protection_service>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_fraud_protection_service>= 15.1.0 < 15.1.0.515.1.0.5