CVE-2020-5945: In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The…

high8.4CVSS 3.1

AVNACLPRHUIRSCCHIHAH

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

Affected

45 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	—	—
f5	big-ip_access_policy_manager	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_access_policy_manager	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_access_policy_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_advanced_firewall_manager	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_advanced_firewall_manager	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_advanced_firewall_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_analytics	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_analytics	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_application_acceleration_manager	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_application_acceleration_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_application_security_manager	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_application_security_manager	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_application_security_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_asm	—	—
f5	big-ip_dns	—	—
f5	big-ip_domain_name_system	>= 14.1.0 < 14.1.2.8	14.1.2.8
f5	big-ip_domain_name_system	>= 15.1.0 < 15.1.1	15.1.1
f5	big-ip_domain_name_system	>= 16.0.0 < 16.0.1	16.0.1