What is CVE-2020-5893?

CVE-2020-5893 is a low-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Cleartext Transmission of Sensitive Information. CVSS score: 3.7/10. Published 2020-04-30.

How severe is CVE-2020-5893?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in F5 Big-ip_access_policy_manager

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

EPSS: 0.006 (42.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

F5 Big-ip_access_policy_manager
F5 Big-ip_access_policy_manager_client
N/a Big-ip Edge Client — versions 7.1.5-7.1.8

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

f5sirt@f5.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2020-5893?: CVE-2020-5893 is a low-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Cleartext Transmission of Sensitive Information. CVSS score: 3.7/10. Published 2020-04-30.
How severe is CVE-2020-5893?: Low severity. CVSS v3 base score is 3.7 out of 10.