PatchSiren cyber security CVE debrief
CVE-2023-4034 Digita Information Technology CVE debrief
CVE-2023-4034 is a critical SQL injection issue in Smartrise Document Management System affecting versions before Hvl-2.0. The vulnerability is rated CVSS 9.8 and, based on the published vector, can be reached over the network without user interaction or privileges. Organizations running affected versions should treat this as a high-priority remediation item and move to Hvl-2.0 or later.
- Vendor: Digita Information Technology
- Product: Smartrise Document Management System
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-09-05
- Original CVE updated: 2026-05-21
- Advisory published: 2023-09-05
- Advisory updated: 2026-05-21
Who should care
Security teams, application owners, and administrators responsible for Digitatek Smartrise Document Management System deployments. This is especially important for environments that store sensitive documents or expose the system to untrusted network users.
Technical summary
The published advisory identifies an Improper Neutralization of Special Elements used in an SQL Command (CWE-89) in Smartrise Document Management System. NVD lists the vulnerable CPE as digitatek:smartrise_document_management_system with the affected range ending before Hvl-2.0. The CVSS vector provided by NVD is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely reachable flaw with no required privileges or user interaction and potential high impact to confidentiality, integrity, and availability.
Defensive priority
Critical. The CVSS score is 9.8, the issue is remotely reachable, and the impact profile is high across confidentiality, integrity, and availability. Prioritize remediation ahead of routine maintenance, especially if the product is internet-facing or handles sensitive records.
Recommended defensive actions
- Upgrade Smartrise Document Management System to Hvl-2.0 or later.
- Inventory all installations to confirm whether any instances are running versions before Hvl-2.0.
- Restrict network exposure to the application until remediation is complete, especially if it is externally reachable.
- Review application and database logs for unusual query patterns or unexpected database errors around the affected service.
- Validate that compensating controls such as segmentation, least privilege, and monitoring are in place for any systems that cannot be upgraded immediately.
Evidence notes
Source corpus identifies the issue as SQL injection (CWE-89) in Smartrise Document Management System before Hvl-2.0. NVD provides the affected version boundary and the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. A third-party advisory is referenced by USOM, and the CVE record/NVD detail pages are the primary official references included in the supplied links.
Official resources
- CVE-2023-4034 CVE record (CVE.org)
- CVE-2023-4034 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
- Mitigation or vendor reference: [email protected] - Third Party Advisory
Publicly disclosed in the CVE/NVD record on 2023-09-05T19:15:48.713Z; source metadata was last modified on 2026-05-21T14:16:42.143Z.