F5 - Nginx Controller CVE

Filtered by vendor F5 Subscribe

Filtered by product Nginx Controller

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-27730	1 F5	1 Nginx Controller	2021-01-15	7.5 HIGH	9.8 CRITICAL
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
CVE-2020-5901	1 F5	1 Nginx Controller	2020-07-10	9.3 HIGH	9.6 CRITICAL
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.

Vulnerabilities (CVE)