F5 » BIG-IP Application Security Manager: Security Vulnerabilities, CVEs (SQL injection)
CVE-2023-46748
Known exploited
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Max CVSS: 8.8
EPSS Score: 0.65%
Published: 2023-10-26
Updated: 2024-02-01
CISA KEV Added: 2023-10-31
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.
Max CVSS: 7.5
EPSS Score: 0.27%
Published: 2014-01-30
Updated: 2017-08-29
2 vulnerabilities found