CVE-2023-5443 - Vulnerability Details - OpenCVE

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
E-invoice Project	E-invoice

Configuration 1 [-]

cpe:2.3:a:e-invoice_project:e-invoice:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-23-0610

History

No history.

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-10-27T13:00:11.166Z

Updated: 2024-09-09T15:06:03.871Z

Reserved: 2023-10-06T07:57:12.979Z

Link: CVE-2023-5443

Vulnrichment

Updated: 2024-08-02T07:59:44.629Z

NVD

Status : Modified

Published: 2023-10-27T14:15:08.680

Modified: 2024-11-21T08:41:46.740

Link: CVE-2023-5443

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5443", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-10-06T07:57:12.979Z", "datePublished": "2023-10-27T13:00:11.166Z", "dateUpdated": "2024-09-09T15:06:03.871Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "E-invoice", "vendor": "EDM Informatics", "versions": [{"lessThan": "2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Furkan KUTLUCA"}], "datePublic": "2023-10-27T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.<p>This issue affects E-invoice: before 2.1.</p>"}], "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.\n\n"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1320", "description": "CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-10-27T13:00:11.166Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}], "source": {"advisory": "TR-23-0610", "defect": ["TR-23-0610"], "discovery": "UNKNOWN"}, "title": "User Enumeration in EDM Informatic's E-Invoice Software", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.629Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}]}, {"affected": [{"vendor": "edm_informatics", "product": "e-invoice", "cpes": ["cpe:2.3:a:edm_informatics:e-invoice:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T15:03:42.995062Z", "id": "CVE-2023-5443", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:06:03.871Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0610", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.629Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5443", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T15:03:42.995062Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:edm_informatics:e-invoice:*:*:*:*:*:*:*:*"], "vendor": "edm_informatics", "product": "e-invoice", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:05:56.331Z"}}], "cna": {"title": "User Enumeration in EDM Informatic's E-Invoice Software", "source": {"defect": ["TR-23-0610"], "advisory": "TR-23-0610", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Furkan KUTLUCA"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EDM Informatics", "product": "E-invoice", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-27T13:00:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0610", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.<p>This issue affects E-invoice: before 2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1320", "description": "CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-10-27T13:00:11.166Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5443", "state": "PUBLISHED", "dateUpdated": "2024-09-09T15:06:03.871Z", "dateReserved": "2023-10-06T07:57:12.979Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-10-27T13:00:11.166Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e-invoice_project:e-invoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "99439F40-742D-4C0F-9057-35562F904B21", "versionEndExcluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de protecci\u00f3n inadecuada para mensajes de error salientes y se\u00f1ales de alerta en la factura electr\u00f3nica de EDM Informatics permite la huella de cuenta. Este problema afecta a la factura electr\u00f3nica: versiones anteriores a 2.1."}], "id": "CVE-2023-5443", "lastModified": "2024-11-21T08:41:46.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T14:15:08.680", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1320"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}