CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.5%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

https://support.f5.com/csp/article/K25434422
https://support.f5.com/csp/article/K25434422

Products affected by CVE-2020-5899

F5 » Nginx Controller » Version: 3.0.0

cpe:2.3:a:f5:nginx_controller:3.0.0
F5 » Nginx Controller » Version: 3.1.0

cpe:2.3:a:f5:nginx_controller:3.1.0
F5 » Nginx Controller » Version: 3.2.0

cpe:2.3:a:f5:nginx_controller:3.2.0
F5 » Nginx Controller » Version: 3.3.0

cpe:2.3:a:f5:nginx_controller:3.3.0
F5 » Nginx Controller » Version: 3.4.0

cpe:2.3:a:f5:nginx_controller:3.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5899

Products

Pricing

Contact Us