CVE-2020-5932 — Cross-site Scripting in F5 Big-ip Application Security Manager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 51.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Application Security Manager F5 Big-ip ASM

Timeline

PublishedOct 29

Latest updateMay 24

Description

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDf5/big-ip_application_security_manager15.1.0 — 15.1.1

▶CVEListV5f5/big-ip_asm15.1.0-15.1.0.5

🔴Vulnerability Details

GHSA

GHSA-pv2g-c84f-3586: On BIG-IP ASM 15↗2022-05-24

▶

CVEList

CVE-2020-5932: On BIG-IP ASM 15↗2020-10-29

▶

📋Vendor Advisories

CVE-2020-5932: On BIG-IP ASM 15↗2020-10-29

▶