CVE-2020-5897
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
12/05/2020
Last modified:
14/05/2020
Description
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 11.6.1 (including) | 11.6.5.1 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.5.1 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.3.3 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.2.5 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.0.3 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:* | 7.1.5 (including) | 7.1.9 (including) |
To consult the complete list of CPE names with products and versions, see this page