CVE-2020-5927Cross-site Scripting in F5 Big-ip Application Security Manager

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 42.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Application Security ManagerF5 Big-ip ASM
Timeline
PublishedAug 26
Latest updateMay 24

Description

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDf5/big-ip_application_security_manager14.1.014.1.2.7+2
CVEListV5f5/big-ip_asm15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6

🔴Vulnerability Details

2
GHSA
GHSA-vh8j-gq55-c6p3: In versions 152022-05-24
CVEList
CVE-2020-5927: In versions 152020-08-26

📋Vendor Advisories

1
F5
CVE-2020-5927: In versions 152020-08-26
CVE-2020-5927 — Cross-site Scripting in F5 | cvebase