Vulnerabilities in F5’s BIG-IP

Published: November 1, 2023 Last Updated: November 1, 2023 12:26:46 PM

Two vulnerabilities of a more serious nature have been found in load-balancing software BIG-IP:

CVE-2023-46747 [CVSS 9.8]: Undisclosed requests may bypass Configuration utility authentication.

CVE-2023-46748 [CVSS 8.8]: An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility.

ReadSpeaker services are not affected by these two.

CVE-2023-46747, CVE-2023-46748

Critical

None

Completed

https://my.f5.com/manage/s/article/K000137368