CVE-2023-4993 Utarit Information Technologies CVE debrief

Who should care

Organizations and individuals using SoliPay Mobile App versions earlier than 5.0.8, plus mobile application owners, IT administrators, and security teams responsible for app inventory and update enforcement.

Technical summary

The CVE is described as an incorrect use of privileged APIs issue in SoliPay Mobile App that can allow data collected as provided by users to be exposed. NVD lists the vulnerable CPE range as all SoliPay Mobile App versions excluding 5.0.8 and assigns CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a remotely reachable issue with high confidentiality impact and no listed integrity or availability impact. The available references include an official NVD entry and a USOM third-party advisory.

Defensive priority

High. The issue is remotely reachable, requires no privileges or user interaction per the CVSS vector, and affects confidentiality. Upgrade/remediate vulnerable deployments promptly.

Recommended defensive actions

• Upgrade SoliPay Mobile App to version 5.0.8 or later.
• Inventory deployed app versions to identify any systems or devices still running versions before 5.0.8.
• Use the official NVD and USOM advisories to confirm remediation guidance and affected version scope.
• Remove or isolate vulnerable installations until they are updated.
• Validate that security and software distribution processes prevent reinstallation of affected versions.

Evidence notes

The CVE description states that the issue affects SoliPay Mobile App before 5.0.8. NVD metadata lists cpe:2.3:a:utarit:solipay_mobile:* with versionEndExcluding 5.0.8 as vulnerable and provides CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. References in the source corpus include an official NVD entry and USOM advisories, supporting the affected product/version boundary and remediation context. Weakness metadata is mixed in the source corpus, with NVD reporting NVD-CWE-noinfo and USOM providing CWE-648.

Official resources