PatchSiren

CVE-2023-5155 Utarit Information Technologies CVE debrief

CVE-2023-5155 is a critical SQL injection vulnerability in Utarit SoliPay Mobile App affecting versions before 5.0.8. NVD assigns it CVSS 9.8 with network access, no privileges required, no user interaction, and high impact to confidentiality, integrity, and availability. Organizations using affected versions should prioritize upgrading to 5.0.8 or later and confirm that no vulnerable installations remain.

Vendor: Utarit Information Technologies
Product: SoliPay Mobile App
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-15
Original CVE updated: 2026-05-20
Advisory published: 2024-02-15
Advisory updated: 2026-05-20

Who should care

Security teams, application owners, and operations staff responsible for Utarit SoliPay Mobile App deployments, especially any environment still running a version earlier than 5.0.8.

Technical summary

The official NVD record identifies this issue as CWE-89 (SQL Injection) affecting cpe:2.3:a:utarit:solipay_mobile versions before 5.0.8. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which indicates an unauthenticated network-reachable flaw with severe potential impact.

Defensive priority

Immediate

Recommended defensive actions

  • Upgrade Utarit SoliPay Mobile App to version 5.0.8 or later.
  • Inventory all installations and confirm no affected versions earlier than 5.0.8 remain in use.
  • Treat any reachable affected instance as a high-priority remediation item because the published score indicates no authentication or user interaction is required and impact can be severe.
  • Review the official NVD and USOM references for any additional vendor-facing guidance that applies to your deployment and response process.

Evidence notes

This debrief is based only on the supplied official records and references. NVD lists the affected range as versions before 5.0.8, the weakness as CWE-89, and the CVSS v3.1 vector as AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The CVE was published on 2024-02-15; the later 2026-05-20 modified timestamp reflects record updates, not the original disclosure date. The supplied corpus includes USOM advisory references but no separate vendor bulletin text.

Official resources

Publicly disclosed in the NVD record on 2024-02-15. The supplied data shows a later record modification on 2026-05-20, which should be treated as metadata maintenance rather than the original vulnerability date. No Known Exploited Vulnerl/?