LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Fwd: [CIVN-2020-0272] Cross Site Scripting Vulnerability in F5 BIG-IP Products

4 years ago 314
BOOK THIS SPACE FOR AD
ARTICLE AD

Severity rating:  High

Software affected

F5 BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link

Controller, PEM) versions:

·         15.x versions 15.1.0 and 15.0.0

·         14.x versions from 14.1.0 to 14.1.2

·         13.x versions from 13.1.0 to 13.1.3

·         12.x versions from 12.1.0 to 12.1.5

Overview

A vulnerability has been reported in F5 BIG-IP products which could allow

an attacker to perform cross-site scripting attack on a targeted system.

Description

This vulnerability exists in multiple BIG-IP products due to a flaw in

undisclosed pages of Traffic Management User Interface (TMUI), also

referred to as the Configuration utility. 

Successful exploitation of this vulnerability could allow the attacker to

run JavaScript in the context of the currently logged-in user. In case the

user has administrative privileges with access to the Advanced Shell

(bash), the attacker can completely compromise the targeted system.

Solution

Update to the fixed versions as mentioned in the F5 advisory

Vendor Information

F5 Networks

References

Tenable

CVE Name

CVE-2020-5903

Read Entire Article
  3. Fwd: [CIVN-2020-0272] Cross Site Scripting Vulnerability in F5 BIG-IP Products

Related

Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

Fwd: Virus Alert : CLOP Ransomware

Fwd: Virus Alert : CLOP Ransomware

Fwd: [CIVN-2020-0295] Remote code execution vulnerability in IBM WebSphere Application Server

Fwd: [CIVN-2020-0295] Remote code execution vulnerability in IBM WebSphere Application Server

Fwd: Virus Alert : Conti Ransomware

Fwd: Virus Alert : Conti Ransomware

Fwd: [CIVN-2020-0293] LNK Remote Code Execution Vulnerability

Fwd: [CIVN-2020-0293] LNK Remote Code Execution Vulnerability

Fwd: [CIAD-2020-0049] Multiple Vulnerabilities in Apple iOS and iPadOS

Fwd: [CIAD-2020-0049] Multiple Vulnerabilities in Apple iOS and iPadOS

Trending

1. Sundar Pichai
2. Avadh Ojha
3. Skoda Kylaq
4. Shalini Passi
5. Suraksha Diagnostic IPO GMP
6. Filmfare OTT Awards Winners
7. Jayden Seales
8. Chelsea
9. Vikrant Massey
10. Edoardo Bove

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved