PatchSiren cyber security CVE debrief
CVE-2022-29303 SolarView CVE debrief
CVE-2022-29303 is a command injection vulnerability affecting SolarView Compact and is listed in CISA’s Known Exploited Vulnerabilities catalog. Because CISA added it to KEV, defenders should treat it as actively exploited and prioritize remediation using vendor guidance. The supplied record does not include a CVSS score, so operational urgency should be driven by the KEV listing and the possibility that exposed instances may be at higher risk.
- Vendor
- SolarView
- Product
- Compact
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2023-07-13
- Original CVE updated
- 2023-07-13
- Advisory published
- 2023-07-13
- Advisory updated
- 2023-07-13
Who should care
Organizations that use SolarView Compact, especially asset owners, security teams, and administrators responsible for patching, monitoring, and retiring exposed instances.
Technical summary
The official record identifies the issue as a command injection vulnerability in SolarView Compact. CISA’s KEV entry confirms it as a known exploited vulnerability and directs defenders to apply updates per vendor instructions or discontinue use of the product if updates are unavailable. The supplied corpus does not provide additional technical details, impact scope, or a CVSS score.
Defensive priority
Urgent
Recommended defensive actions
- Confirm whether SolarView Compact is deployed anywhere in your environment.
- Apply vendor updates or mitigations exactly as instructed by the vendor.
- If updates are unavailable, discontinue use of the product per CISA guidance.
- Prioritize remediation ahead of the CISA KEV due date of 2023-08-03.
- Review relevant system and application activity for signs of suspicious command execution around affected assets.
Evidence notes
This debrief is based only on the supplied official sources: the CISA KEV feed entry for CVE-2022-29303 and the linked official CVE/NVD references. The corpus identifies the vulnerability as SolarView Compact command injection, marks it as KEV-listed, and provides the remediation note to apply updates or discontinue use if updates are unavailable. No CVSS score was supplied in the corpus.
Official resources
-
CVE-2022-29303 CVE record
CVE.org
-
CVE-2022-29303 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
-
Source item URL
cisa_kev
Publicly disclosed and listed by CISA as a Known Exploited Vulnerability on 2023-07-13; no exploit instructions or weaponized details included.