CVE-2023-2963 is a critical SQL injection issue in Oliva Expertise EKS affecting versions before 1.2. The published CVSS 3.1 vector indicates network access, no privileges required, no user interaction, and high impacts to confidentiality, integrity, and availability. Organizations running affected versions should prioritize upgrading to a fixed release and validating exposure of any internet-facing deployments.
CVE-2023-2960 is a cross-site scripting (XSS) vulnerability affecting Oliva Expertise EKS before version 1.2. NVD classifies the weakness as CWE-79 and rates it CVSS 3.1 6.1 (Medium) with network attack vector and user interaction required. The recorded impact is limited to low confidentiality and integrity impact, with no availability impact. NVD also links a third-party advisory from USOM for additional context.
