Vulnerabilities > CVE-2020-5863

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

netapp

NVD

Published: 2020-03-27

Updated: 2022-04-22

Summary

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 Nginx Controller 1.0.1 F5 Nginx Controller 2.0.0 F5 Nginx Controller 2.1.0 F5 Nginx Controller 2.2.0 F5 Nginx Controller 2.3.0 F5 Nginx Controller 2.4.0 F5 Nginx Controller 2.5.0 F5 Nginx Controller 2.6.0 F5 Nginx Controller 2.7.0 F5 Nginx Controller 2.8.0 F5 Nginx Controller 2.8.1 F5 Nginx Controller 2.9.0 F5 Nginx Controller 3.0.0 F5 Nginx Controller 3.1.0	14
Application	Netapp Netapp Cloud Backup -	1

Vulnerabilities > CVE-2020-5863 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2020-5863"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2020-5863