Vulnerabilities in F5’s BIG-IP
Description
Two vulnerabilities of a more serious nature have been found in load-balancing software BIG-IP:
CVE-2023-46747 [CVSS 9.8]: Undisclosed requests may bypass Configuration utility authentication.
CVE-2023-46748 [CVSS 8.8]: An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility.
ReadSpeaker services are not affected by these two.