CVE-2020-5905 Information

Description

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page the system does not sanitize all user-provided data before display.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Reference

https://support.f5.com/csp/article/K07051153 https://www.kb.cert.org/vuls/id/290915

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

4.3