#SQLInjection

Critical vulnerability in F5 BIG-IP under active exploitation

by

November 1, 2023 at 12:30PM Cybersecurity company F5’s BIG-IP suite has been found to have vulnerabilities that are already being exploited after proof of concept code was shared online. F5 confirmed evidence of active exploitation just days after limited-detail research was published. The vulnerabilities include an Apache JServ Protocol smuggling vulnerability and an SQL injection … Read more

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

by

November 1, 2023 at 02:11AM F5 has warned of active exploitation of a critical security flaw in BIG-IP, allowing attackers to execute arbitrary system commands. The vulnerability, tracked as CVE-2023-46747, affects several versions of the software. Additionally, F5 has observed threat actors using this vulnerability in conjunction with CVE-2023-46748, an authenticated SQL injection flaw. Users … Read more