CVE-2024-23603

Published: Feb 14, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-23603" target="_blank" rel="noopener"> CVE-2024-23603
Severity: High
Exploit:

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
f5 / big-ip_application_security_manager	16.1.0	16.1.4
f5 / big-ip_application_security_manager	15.1.0	15.1.9
f5 / big-ip_application_security_manager	17.1.0	17.1.0.x
f5 / big-ip_advanced_web_application_firewall	17.1.0	17.1.0.x
f5 / big-ip_advanced_web_application_firewall	16.1.0	16.1.4
f5 / big-ip_advanced_web_application_firewall	15.1.0	15.1.10