CVE-2023-2963 – This SQL injection vulnerability in Oliva Exper... (How to Fix)

Q: What is the severity of CVE-2023-2963?

CVE-2023-2963 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in Oliva Expertise EKS allows attackers to execute arbitrary SQL commands on the database. It affects all Oliva Expertise EKS installations before version 1.2, potentially compromising sensitive data and system integrity.

📋 TL;DR

This SQL injection vulnerability in Oliva Expertise EKS allows attackers to execute arbitrary SQL commands on the database. It affects all Oliva Expertise EKS installations before version 1.2, potentially compromising sensitive data and system integrity.

💻 Affected Systems

Products:

Oliva Expertise EKS

Versions: All versions before 1.2

Operating Systems: Any OS running Oliva Expertise EKS

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Oliva Ekspertiz by Olivaekspertiz

View all CVEs affecting Oliva Ekspertiz →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution on the database server.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions in place.

🌐 Internet-Facing: HIGH - Web applications with SQL injection vulnerabilities are prime targets for automated attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly exploited with automated tools. The specific exploit details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-23-0409

Restart Required: Yes

Instructions:

1. Download Oliva Expertise EKS version 1.2 or later from official sources. 2. Backup current installation and database. 3. Stop the application service. 4. Install the updated version. 5. Restart the application service. 6. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to block malicious requests.

Input Validation Filter

all

Implement application-level input validation to reject SQL special characters in user inputs.

🧯 If You Can't Patch

Isolate the affected system from internet access and restrict to necessary internal networks only.
Implement strict database permissions, using least privilege principles for application database accounts.

🔍 How to Verify

Check if Vulnerable:

Check the application version in administration interface or configuration files. If version is below 1.2, the system is vulnerable.

Check Version:

Check application configuration or administration panel for version information.

Verify Fix Applied:

Confirm the application version is 1.2 or higher after patching and test SQL injection attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual database queries in application logs
SQL syntax errors in logs
Multiple failed login attempts with SQL-like patterns

Network Indicators:

HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.)
Unusual database connection patterns

SIEM Query:

source="application_logs" AND ("SQL syntax" OR "SELECT *" OR "UNION SELECT")

📊 Metadata

CVE ID: CVE-2023-2963

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: July 17, 2023

Last Updated: November 21, 2024

🔗 References

https://www.usom.gov.tr/bildirim/tr-23-0409 Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-23-0409 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-2963, you might also want to check these: