CVE-2020-5865

medium

Description

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

References

https://support.f5.com/csp/article/K21009022

https://security.netapp.com/advisory/ntap-20200430-0005/

Details

Source: Mitre, NVD

Published: 2020-04-23

Updated: 2022-04-26

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N