PatchSiren cyber security CVE debrief
CVE-2023-4670 Innosa CVE debrief
CVE-2023-4670 is a critical SQL injection issue in Innosa Probbys. The NVD record identifies the affected product as Innosa Probbys before version 2, and the weakness mapping references CWE-89. Because the CVSS vector is network-exploitable with no privileges or user interaction required and high impact to confidentiality, integrity, and availability, exposed deployments should be treated as urgent to assess and remediate.
- Vendor
- Innosa
- Product
- Probbys
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-09-15
- Original CVE updated
- 2026-05-21
- Advisory published
- 2023-09-15
- Advisory updated
- 2026-05-21
Who should care
Security teams, application owners, and administrators responsible for Innosa Probbys deployments, especially any internet-facing instances or systems that process untrusted input.
Technical summary
The official NVD record lists CVE-2023-4670 as an SQL injection vulnerability affecting cpe:2.3:a:innosa_probbys_project:innosa_probbys:*:*:*:*:*:*:*:* with the vulnerable range ending before version 2. The USOM reference maps the weakness to CWE-89. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates a remotely reachable issue that can have severe confidentiality, integrity, and availability consequences.
Defensive priority
Critical. The combination of remote exploitability, no required privileges, no user interaction, and high impact warrants immediate triage and remediation for any affected deployment.
Recommended defensive actions
- Confirm whether any Innosa Probbys instance is running a version earlier than 2.
- Upgrade to version 2 or later, if that is the vendor-designated non-vulnerable boundary shown in the NVD record.
- Apply the mitigation or vendor guidance referenced by USOM and NVD.
- Review application logs and database access patterns for unexpected queries or anomalous activity around exposed endpoints.
- Limit exposure of affected systems until remediation is complete, and apply least-privilege database permissions where possible.
- After remediation, validate that the deployed version is outside the vulnerable range and retest the affected workflow safely.
Evidence notes
The debrief is based on the official NVD record for CVE-2023-4670 and the USOM third-party advisory references supplied in the corpus. NVD records the product as Innosa Probbys with the vulnerable range ending before version 2 and a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The USOM-linked reference maps the weakness to CWE-89 and supports the SQL injection classification. No exploit steps or unsupported mitigation claims are included.
Official resources
-
CVE-2023-4670 CVE record
CVE.org
-
CVE-2023-4670 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly disclosed on 2023-09-15. The NVD record was later modified on 2026-05-21; that modified date is record-maintenance context, not the original issue date.