PatchSiren cyber security CVE debrief
CVE-2023-1723 Vegayazilim CVE debrief
CVE-2023-1723 is a critical SQL injection vulnerability in Mobile Assistant affecting versions before 21.S.2343. The supplied NVD data rates the issue as CVSS 3.1 9.8, with a network attack vector, no privileges required, and no user interaction, indicating a high-risk weakness for exposed deployments.
- Vendor: Vegayazilim
- Product: Mobile Assistant
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-04-17
- Original CVE updated: 2024-11-21
- Advisory published: 2023-04-17
- Advisory updated: 2024-11-21
Who should care
Organizations running Mobile Assistant versions earlier than 21.S.2343, especially teams responsible for internet-facing or broadly reachable application services, database-backed workflows, and incident response for mobile or enterprise application stacks.
Technical summary
The issue is described as improper neutralization of special elements used in an SQL command (CWE-89). NVD lists the affected CPE as vegayazilim:mobile_assistant with the vulnerable version range ending before 21.S.2343. The attack vector in the supplied CVSS data is network-based with low attack complexity, no privileges required, and no user interaction, with potential high impact to confidentiality, integrity, and availability.
Defensive priority
Immediate. This is a critical, remotely reachable SQL injection issue with no authentication or user interaction required in the supplied scoring data, so affected instances should be prioritized for rapid patching and exposure reduction.
Recommended defensive actions
- Upgrade Mobile Assistant to version 21.S.2343 or later.
- Confirm whether your deployment matches the affected CPE/version range in the NVD record.
- Limit exposure of affected services until patching is complete, especially if the application is reachable from untrusted networks.
- Review application and database logs for signs of abnormal query patterns or unexpected database activity.
- Validate remediation status against the vendor or advisory guidance cited in the source corpus.
Evidence notes
The supplied record states that the vulnerability is an SQL injection in Mobile Assistant before 21.S.2343. NVD metadata lists the vulnerable CPE as vegayazilim:mobile_assistant and assigns CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The source corpus also includes a third-party advisory from USOM (tr-23-0228) and the CVE/NVD official records. The source corpus contains inconsistent naming between the CVE description ('Veragroup') and the NVD CPE/vendor mapping ('vegayazilim'); this debrief follows the canonical source fields provided.
Official resources
- CVE-2023-1723 CVE record (CVE.org)
- CVE-2023-1723 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
Published 2023-04-17 and last modified 2024-11-21 in the supplied CVE/NVD timeline. No KEV listing is included in the supplied enrichment data.