Threat Advisories - NVD Disclosed October 26, 2023

CVE-2023-46748

F5 BIG-IP SQL Injection Vulnerability Leads to Command Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the BIG-IP Configuration utility allows authenticated attackers to execute system commands. This could impact system integrity and availability. The realistic business risk involves potential unauthorized access and control over affected systems.

NVD published: October 26, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-46747

F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A security flaw in F5 BIG-IP systems allows unauthorized command execution. This could impact organizations by exposing systems to attackers with network access, posing a significant business risk.

NVD published: October 26, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-43208

Mirth Connect Unauthenticated Remote Code Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

NextGen Healthcare Mirth Connect is affected by an unauthenticated remote code execution vulnerability. This poses a business risk as attackers could gain unauthorized access and control over systems and data. Organizations should address this vulnerability to mitigate potential impacts.

NVD published: October 26, 2023 • CISA KEV