CVE-2020-5865 — MEDIUM (4.8)

Q: How severe is CVE-2020-5865?

CVE-2020-5865 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5865?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Controller, Netapp Cloud Backup.

Vulnerability Description

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Nginx Controller	>= 2.0.0, <= 2.9.0
Netapp	Cloud Backup	-

Related Weaknesses (CWE)

CWE-319

References

https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
https://support.f5.com/csp/article/K21009022Vendor Advisory
https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
https://support.f5.com/csp/article/K21009022Vendor Advisory

FAQ

What is CVE-2020-5865?

CVE-2020-5865 is a vulnerability with a CVSS score of 4.8 (MEDIUM). In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via m...

How severe is CVE-2020-5865?

CVE-2020-5865 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5865?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Controller, Netapp Cloud Backup.