CVE-2020-5892

MEDIUM

F5 BIG-IP APM, Edge Gateway, and FirePass Legacy - Session ID Exposure in Process Memory

Title source: llm

Description

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://support.f5.com/csp/article/K15838353

Scores

CVSS v3 6.7

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

f5/big-ip_access_policy_manager 11.6.1 - 11.6.5

f5/big-ip_access_policy_manager_client 7.1.5 - 7.1.8

f5/big-ip_edge_gateway 11.6.1 - 11.6.5

Published Apr 30, 2020

Tracked Since Feb 18, 2026