CVE-2020-5889
30.04.2020, 21:15
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 14.1.0 ≤ 𝑥 ≤ 14.1.2.3 |
| f5 | big-ip_access_policy_manager | 15.0.0 ≤ 𝑥 ≤ 15.0.1.2 |
| f5 | big-ip_access_policy_manager | 15.1.0 ≤ 𝑥 ≤ 15.1.0.1 |
𝑥
= Vulnerable software versions