Lucene search
F5CVELIST:CVE-2024-23603HistoryFeb 14, 2024 - 4:30 p.m.
CVE-2024-23603 BIG-IP Advanced WAF and ASM Configuration utility vulnerability
2024-02-1416:30:24
CWE-89
f5
www.cve.org
1
big-ip
sql injection
configuration utility
3.8 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"Advanced WAF",
"ASM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
]References
Related
nessus
nessus
cve
cve
CVE-2024-23603
2024-02-14 17:15:13
prion
prion
Sql injection
2024-02-14 17:15:00
f5
f5
nvd
nvd
CVE-2024-23603
2024-02-14 17:15:13
3.8 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-23603