Description
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| F5 | BIG-IP | unknown |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
Configuration 18 [-]
|
Configuration 19 [-]
|
Configuration 20 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-50917 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
References
History
Tue, 21 Oct 2025 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Tue, 04 Feb 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Subscriptions
F5
Subscribe
Big-ip Access Policy Manager
Subscribe
Big-ip Advanced Firewall Manager
Subscribe
Big-ip Advanced Web Application Firewall
Subscribe
Big-ip Analytics
Subscribe
Big-ip Application Acceleration Manager
Subscribe
Big-ip Application Security Manager
Subscribe
Big-ip Application Visibility And Reporting
Subscribe
Big-ip Automation Toolchain
Subscribe
Big-ip Carrier-grade Nat
Subscribe
Big-ip Container Ingress Services
Subscribe
Big-ip Ddos Hybrid Defender
Subscribe
Big-ip Domain Name System
Subscribe
Big-ip Fraud Protection Services
Subscribe
Big-ip Global Traffic Manager
Subscribe
Big-ip Link Controller
Subscribe
Big-ip Local Traffic Manager
Subscribe
Big-ip Policy Enforcement Manager
Subscribe
Big-ip Ssl Orchestrator
Subscribe
Big-ip Webaccelerator
Subscribe
Big-ip Websafe
Subscribe
MITRE
Status: PUBLISHED
Assigner: f5
Published:
Updated: 2025-10-21T23:05:33.293Z
Reserved: 2023-10-25T18:51:34.198Z
Link: CVE-2023-46748
Vulnrichment
Updated: 2024-08-02T20:53:21.354Z
NVD
Status : Analyzed
Published: 2023-10-26T21:15:08.177
Modified: 2025-10-27T17:07:05.050
Link: CVE-2023-46748
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses