SQL Injection Vulnerability in F5 BIG-IP AFM Configuration Utility
CVE-2020-5920

4.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Afm
Vendor: CVE Published:; 26 August 2020

What is CVE-2020-5920?

A vulnerability exists in the F5 BIG-IP AFM Configuration utility that allows authenticated users to execute a read-only blind SQL injection attack. This flaw affects multiple versions of the BIG-IP AFM product, potentially compromising sensitive data without the need for elevated privileges. Remediation is advised to mitigate the risk from malicious exploitation of this vulnerability.

Affected Version(s)

BIG-IP AFM 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1

References

https://support.f5.com/csp/article/K25160703

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2020
Vulnerability Reserved
Jan 6, 2020