PatchSiren

CVE-2023-3631 Medart Health Services CVE debrief

CVE-2023-3631 is a critical SQL injection vulnerability in Medart Notification Panel. NVD lists it as CWE-89 with a CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the affected range is listed as versions through 2023-11-23. The disclosure notes that the vendor was contacted early but did not respond.

Vendor: Medart Health Services
Product: Medart Notification Panel
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-11-23
Original CVE updated: 2026-05-22
Advisory published: 2023-11-23
Advisory updated: 2026-05-22

Who should care

Administrators, security teams, and application owners running Medart Notification Panel deployments through 2023-11-23 should treat this as urgent. Any environment that depends on this product for database-backed notification workflows should prioritize review and containment.

Technical summary

The issue is an improper neutralization flaw that permits SQL injection. According to the supplied NVD data, the weakness is classified as CWE-89 and is reachable over the network without authentication or user interaction, with potential impact to confidentiality, integrity, and availability rated high. The affected CPE entry covers Medart Notification Panel versions up to and including 2023-11-23.

Defensive priority

Immediate. This is a critical, network-reachable SQL injection with no required privileges or user interaction, and the disclosure indicates no vendor response was received early in the process.

Recommended defensive actions

  • Inventory all Medart Notification Panel deployments and confirm whether any instance is at or below the affected version range through 2023-11-23.
  • Restrict access to the application and any administrative interfaces while remediation is pending, using network allowlists, VPN access, or other compensating controls.
  • Review application and database logs for suspicious SQL errors, unusual query patterns, or unexpected data access tied to the notification panel.
  • Apply an official vendor fix or upgrade if one becomes available; if the product is unsupported or unmaintained, plan migration or removal.
  • Rotate and review database credentials and privileges associated with the application if exposure is suspected.
  • Validate that monitoring and alerting are in place for database abuse and application-layer injection attempts.

Evidence notes

This debrief is based on the supplied CVE/NVD corpus only. The CVE was published on 2023-11-23 and later modified on 2026-05-22. NVD metadata identifies the weakness as CWE-89 and provides the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The affected CPE entry lists Medart Notification Panel as vulnerable through 2023-11-23. The description states that the vendor was contacted early and did not respond. The source corpus also includes USOM reference URLs, one of which is malformed/broken in the supplied data.

Official resources

Publicly disclosed in the CVE/NVD record on 2023-11-23. The description notes that the vendor was contacted early but did not respond.