CVE-2020-5920
published 2020-08-26CVE-2020-5920: In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_advanced_firewall_manager | >= 11.6.1 < 11.6.5.2 | 11.6.5.2 |
| f5 | big-ip_advanced_firewall_manager | >= 12.1.0 < 12.1.5.2 | 12.1.5.2 |
| f5 | big-ip_advanced_firewall_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_advanced_firewall_manager | 14.1.0 – 14.1.2 | — |
| f5 | big-ip_advanced_firewall_manager | 15.0.0 – 15.1.0 | — |
| f5 | big-ip_afm | — | — |