PT-2020-18830 · F5 · BIG-IP ASM

Published: 2020-10-29 · Updated: 2020-11-09 · CVE-2020-5932

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: BIG-IP ASM versions 15.1.0 through 15.1.0.5

Description: A cross-site scripting (XSS) issue exists in the BIG-IP ASM Configuration utility response and blocking pages. It allows an authenticated user with administrative privileges to specify a response page with arbitrary content, including JavaScript code that is executed when the page preview is opened.

Recommendations: For BIG-IP ASM versions 15.1.0 through 15.1.0.5, consider restricting access to the Configuration utility response and blocking pages to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of authenticated users with administrative privileges to specify custom response pages.

Weakness: XSS
