Vulnerability Name: CVE-2020-5863 (CCN-178712)
Assigned: 2020-03-27
Published: 2020-03-27
Updated: 2022-04-22
Summary: In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
CVSS v3 Severity:
8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2020-5863
Source: XF Type: UNKNOWN f5-cve20205863-sec-bypass(178712)
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20200430-0005/
Source: CCN Type: F5 Security Advisory K14631834 NGINX Controller vulnerability CVE-2020-5863
Source: MISC Type: Vendor Advisory https://support.f5.com/csp/article/K14631834
Source: CCN Type: IBM Security Bulletin 6380906 (Aspera High-Speed Transfer Server) NGINX vulnerability CVE-2020-5863 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable