CVE-2020-5905 | SynScan

Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2020-5905

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.

Published: Jul 1, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-5905
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
f5 / big-ip_access_policy_manager	11.6.1	11.6.5.2.x
f5 / big-ip_advanced_firewall_manager	11.6.1	11.6.5.2.x
f5 / big-ip_analytics	11.6.1	11.6.5.2.x
f5 / big-ip_application_acceleration_manager	11.6.1	11.6.5.2.x
f5 / big-ip_application_security_manager	11.6.1	11.6.5.2.x
f5 / big-ip_domain_name_system	11.6.1	11.6.5.2.x
f5 / big-ip_fraud_protection_service	11.6.1	11.6.5.2.x
f5 / big-ip_global_traffic_manager	11.6.1	11.6.5.2.x
f5 / big-ip_link_controller	11.6.1	11.6.5.2.x
f5 / big-ip_local_traffic_manager	11.6.1	11.6.5.2.x
f5 / big-ip_policy_enforcement_manager	11.6.1	11.6.5.2.x