Vulnerability in F5 Big-ip_access_policy_manager
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
EPSS: 0.003 (22.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- F5 Big-ip_access_policy_manager
- F5 Big-ip_access_policy_manager_client
- F5 Big-ip_edge_gateway
- N/a Big-ip Edge Client — versions 7.1.5-7.1.8
References
- f5sirt@f5.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-5892?
- CVE-2020-5892 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager. CVSS score: 6.7/10. Published 2020-04-30.
- How severe is CVE-2020-5892?
- Medium severity. CVSS v3 base score is 6.7 out of 10.