PatchSiren cyber security CVE debrief
CVE-2023-3045 Tise CVE debrief
CVE-2023-3045 is a critical SQL injection vulnerability affecting Tise Parking Web Report versions before 2.1. The NVD record and the linked USOM advisory identify CWE-89 and a CVSS 3.1 score of 9.8, with conditions that indicate network reachability, no privileges required, and no user interaction. In practical terms, exposed installations running an affected version should be treated as urgent to patch or isolate.
- Vendor
- Tise
- Product
- Parking Web Report
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-07-10
- Original CVE updated
- 2024-11-21
- Advisory published
- 2023-07-10
- Advisory updated
- 2024-11-21
Who should care
Security teams, application owners, and administrators responsible for Tise Parking Web Report deployments should prioritize this issue, especially where the application is reachable from untrusted networks or handles sensitive data.
Technical summary
The published vulnerability data indicates improper neutralization of SQL command special elements in Parking Web Report before version 2.1. NVD maps the issue to CWE-89 and lists a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which signals a remotely reachable issue with high impact if exploited. The supplied product scope is cpe:2.3:a:tise:parking_web_report:*:*:*:*:*:*:*:* with vulnerable versions ending before 2.1.
Defensive priority
Critical. Patch or remove exposure as soon as possible. If immediate upgrading is not possible, reduce reachability and monitor for suspicious database activity while remediation is prepared.
Recommended defensive actions
- Upgrade Tise Parking Web Report to version 2.1 or later, as the vulnerable range is listed as versions before 2.1.
- If the product cannot be updated immediately, restrict network access to the application to the smallest possible trusted set.
- Review application logs, database logs, and authentication or query anomalies for signs of abuse.
- Validate whether any sensitive data is accessible through the affected application and rotate credentials if exposure is suspected.
- Confirm whether any internet-facing instances exist and prioritize those first.
- Track vendor or advisory guidance tied to the USOM reference for any additional remediation notes.
Evidence notes
The CVE description states an SQL injection issue in Tise Technology Parking Web Report before 2.1. The NVD metadata includes a vulnerable CPE range ending in version 2.1 and assigns CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The linked USOM advisory is the only third-party reference provided in the supplied corpus. No CISA KEV entry is present in the supplied enrichment.
Official resources
-
CVE-2023-3045 CVE record
CVE.org
-
CVE-2023-3045 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Published 2023-07-10T16:15:54.783Z; modified 2024-11-21T08:16:18.950Z.