PatchSiren cyber security CVE debrief

CVE-2023-4675 Gmbilisim CVE debrief

CVE-2023-4675 is a critical SQL injection flaw in GM Information Technologies MDO that affects versions through 20231229. The NVD record rates it 9.8/CRITICAL, and the vulnerability is classified as CWE-89. Because the attack vector is network-based and requires no privileges or user interaction, exposed instances should be treated as urgent remediation candidates.

Vendor: Gmbilisim
Product: Multi-Disciplinary Design Optimization
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-12-29
Original CVE updated: 2026-05-21
Advisory published: 2023-12-29
Advisory updated: 2026-05-21

Who should care

Security teams, application owners, and administrators responsible for GM Information Technologies MDO deployments should prioritize this issue, especially if the application is reachable over the network or processes sensitive data.

Technical summary

The official record identifies an improper neutralization of special elements in an SQL command, consistent with SQL injection. NVD lists CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that successful exploitation could lead to full compromise of confidentiality, integrity, and availability. The affected CPE entry covers gmbilisim:multi-disciplinary_design_optimization through version 20231229. USOM references are present in the record, and the CVE description notes that the vendor was contacted early but did not respond.

Defensive priority

Critical. This should be handled as a high-priority exposure because the CVSS score is 9.8 and the attack path does not require authentication or user interaction.

Recommended defensive actions

Identify every deployed instance of GM Information Technologies MDO and confirm whether it is at or below version 20231229.
Apply a vendor-provided fix or upgrade as soon as a remediated release is available.
If remediation is not immediately available, restrict network access to the application to the smallest possible trusted set.
Review application inputs and database access points for SQL injection exposure and strengthen server-side parameter handling.
Add or tune detection for anomalous database queries, unexpected errors, and suspicious request patterns against the application.
Validate logs and database activity for signs of unauthorized query behavior, especially on internet-facing systems.

Evidence notes

This debrief is based only on the supplied NVD record and its linked USOM references. The CVE description states that the vendor was contacted early but did not respond. NVD lists the affected product family, version bound through 20231229, CWE-89, and the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. No verified remediation version was provided in the supplied corpus.

Official resources

CVE-2023-4675 CVE record
CVE.org
CVE-2023-4675 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Third Party Advisory

The CVE description notes that the vendor was contacted early about the disclosure but did not respond.