PatchSiren

CVE-2023-3651 Digital Ant CVE debrief

CVE-2023-3651 is a critical SQL injection vulnerability in Digital Ant E-Commerce Software affecting versions before 11. The issue is rated 9.8 under CVSS 3.1 and is exploitable over the network with no privileges or user interaction required. Based on the CVSS vector and the CWE classification, successful exploitation could expose, alter, or disrupt sensitive application data. Organizations running affected Digital Ant E-Commerce Software should treat this as an urgent remediation item.

Vendor: Digital Ant
Product: E-Commerce Software
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-08-08
Original CVE updated: 2026-05-21
Advisory published: 2023-08-08
Advisory updated: 2026-05-21

Who should care

Security teams, application owners, and administrators responsible for Digital Ant E-Commerce Software deployments, especially any environment still running a version earlier than 11. Web application and database administrators should also care because SQL injection typically targets backend data handling paths.

Technical summary

The official record classifies this issue as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). NVD lists the affected product criteria as cpe:2.3:a:digital-ant:digital_ant:* with vulnerable versions ending before 11. The CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates a remotely reachable flaw that requires no authentication or user interaction and can have high confidentiality, integrity, and availability impact.

Defensive priority

Urgent. The combination of CVSS 9.8, remote exploitability, and no authentication requirement makes this a high-priority remediation item for any exposed deployment.

Recommended defensive actions

  • Upgrade Digital Ant E-Commerce Software to version 11 or later, or the vendor-fixed release referenced by your trusted advisory process.
  • Inventory all instances of Digital Ant E-Commerce Software and confirm whether any system is running a version earlier than 11.
  • Review externally reachable application endpoints and database-related request handling for SQL injection exposure.
  • Validate that input validation, parameterized queries, and server-side query construction controls are in place across affected code paths.
  • Increase monitoring for abnormal database queries, unexpected errors, and signs of data-access anomalies while remediation is underway.

Evidence notes

This debrief is based on the supplied official CVE/NVD record and referenced USOM advisories. The NVD metadata lists the weakness as CWE-89 and the vulnerable version range as ending before 11 for Digital Ant E-Commerce Software. The CVSS vector provided by NVD is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. No KEV listing was supplied in the source corpus.

Official resources

Published in the CVE record on 2023-08-08 and modified on 2026-05-21. No KEV entry was provided in the source corpus.