CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5932

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.6%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

Products affected by CVE-2020-5932

F5 » Big-Ip Application Security Manager » Version: 15.1.0

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0
F5 » Big-Ip Application Security Manager » Version: 15.1.0.1

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.1
F5 » Big-Ip Application Security Manager » Version: 15.1.0.2

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.2
F5 » Big-Ip Application Security Manager » Version: 15.1.0.3

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.3
F5 » Big-Ip Application Security Manager » Version: 15.1.0.4

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.4
F5 » Big-Ip Application Security Manager » Version: 15.1.0.5

cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5932

Products

Pricing

Contact Us