PatchSiren cyber security CVE debrief
CVE-2023-1765 Akbim CVE debrief
CVE-2023-1765 is a critical SQL injection vulnerability in Akbim Computer Panon. The NVD record identifies the weakness as CWE-89 and states that affected versions are Panon before 1.0.2. Based on the published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), this issue is remotely exploitable without privileges or user interaction and can have severe impact on confidentiality, integrity, and availability.
- Vendor
- Akbim
- Product
- Panon
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-04-03
- Original CVE updated
- 2024-11-21
- Advisory published
- 2023-04-03
- Advisory updated
- 2024-11-21
Who should care
Organizations running Akbim Panon, especially administrators, security teams, and anyone responsible for patching or inventorying externally reachable business applications. Because the NVD vector shows network access, no privileges, and no user interaction, internet-facing deployments should be treated as highest priority.
Technical summary
The vulnerability is an improper neutralization issue in SQL command construction, allowing SQL injection in Panon. The supplied NVD metadata marks the affected CPE range as Panon versions before 1.0.2. The listed CVSS vector indicates remote exploitation over the network with low attack complexity, no authentication, and no user interaction, which is consistent with high-severity SQL injection risk.
Defensive priority
Critical. The combination of remote reachability, no required authentication, no user interaction, and high impact across confidentiality, integrity, and availability supports immediate remediation.
Recommended defensive actions
- Upgrade Akbim Panon to version 1.0.2 or later as the primary remediation.
- Identify all deployed Panon instances, including test, staging, and externally exposed systems.
- Verify whether any integrations, reports, or user inputs interact with SQL-backed functionality in Panon and prioritize those paths for review.
- Apply least-privilege database permissions and review whether application accounts have broader access than necessary.
- Monitor application and database logs for unusual query patterns, unexpected errors, or signs of injection attempts.
- If immediate upgrade is not possible, place the system behind compensating controls while planning rapid remediation.
Evidence notes
The vulnerability description, affected version boundary, and weakness classification come from the supplied NVD metadata and CVE record context. The CVSS 3.1 vector provided in the source indicates AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The only external advisory reference supplied is the USOM bulletin URL, but its page content was not included in the corpus, so this debrief avoids claims beyond the metadata.
Official resources
-
CVE-2023-1765 CVE record
CVE.org
-
CVE-2023-1765 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource
Published by the CVE program on 2023-04-03. The supplied record was later modified on 2024-11-21; that later date reflects record updates, not the original vulnerability publication date.