CVE-2020-5903

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 12.1.0 through 12.1.5.1 F5 BIG-IP versions 13.1.0 through 13.1.3.3 F5 BIG-IP versions 14.1.0 through 14.1.2.5 F5 BIG-IP versions 15.0.0 through 15.1.0.3

Description The issue is related to a lack of protection for the web page structure in BIG-IP, which can be exploited by a remote attacker to perform cross-site scripting attacks. This could potentially allow an attacker to compromise the system.

Recommendations For versions 12.1.0 through 12.1.5.1, update to a version outside of this range to mitigate the risk. For versions 13.1.0 through 13.1.3.3, update to a version outside of this range to mitigate the risk. For versions 14.1.0 through 14.1.2.5, update to a version outside of this range to mitigate the risk. For versions 15.0.0 through 15.1.0.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the BIG-IP Configuration utility to minimize the risk of exploitation.