7.4
CVE-2020-5864
- EPSS 0.42%
- Published 23.04.2020 19:15:12
- Last modified 21.11.2024 05:34:43
- Source f5sirt@f5.com
- Teams watchlist Login
- Open Login
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Nginx Controller Version >= 2.0.0 <= 2.9.0
F5 ≫ Nginx Controller Version >= 3.0.0 < 3.3.0
F5 ≫ Nginx Controller Version1.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.591 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.