CVE-2020-5908

MEDIUM

BIG-IP APM <12.1.5, <11.6.5.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K33023560
Third Party Advisory third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/290915

Scores

CVSS v3 5.5
EPSS 0.0009
EPSS Percentile 25.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
f5/big-ip_access_policy_manager 11.6.1 - 11.6.5.2
Published Jul 01, 2020
Tracked Since Feb 18, 2026