CVE-2023-5443 - Vulnerability Details - OpenCVE

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
E-invoice Project	E-invoice
Edm Informatics	E-invoice

Configuration 1 [-]

cpe:2.3:a:e-invoice_project:e-invoice:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0610
https://www.usom.gov.tr/bildirim/tr-23-0610

History

Thu, 21 May 2026 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edm Informatics Edm Informatics e-invoice
CPEs		cpe:2.3:a:edm_informatics:e-invoice::::::::
Vendors & Products		Edm Informatics Edm Informatics e-invoice
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 21 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.	Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.
References		https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0610

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-10-27T13:00:11.166Z

Updated: 2026-05-21T07:36:25.538Z

Reserved: 2023-10-06T07:57:12.979Z

Link: CVE-2023-5443

Vulnrichment

Updated: 2024-08-02T07:59:44.629Z

NVD

Status : Modified

Published: 2023-10-27T14:15:08.680

Modified: 2026-05-21T08:16:19.600

Link: CVE-2023-5443

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-5443", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-10-06T07:57:12.979Z", "datePublished": "2023-10-27T13:00:11.166Z", "dateUpdated": "2026-05-21T07:36:25.538Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-21T07:36:25.538Z"}, "title": "User Enumeration in EDM Informatic's E-Invoice Software", "datePublic": "2023-10-27T13:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1320", "description": "CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "affected": [{"vendor": "EDM Informatics", "product": "E-invoice", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.\n\nThis issue affects E-invoice: before 2.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.<p>This issue affects E-invoice: before 2.1.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0610", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0610", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Furkan KUTLUCA", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"defect": ["TR-23-0610"], "advisory": "TR-23-0610", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.629Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}]}, {"affected": [{"vendor": "edm_informatics", "product": "e-invoice", "cpes": ["cpe:2.3:a:edm_informatics:e-invoice:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T15:03:42.995062Z", "id": "CVE-2023-5443", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:06:03.871Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0610", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.629Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5443", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T15:03:42.995062Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:edm_informatics:e-invoice:*:*:*:*:*:*:*:*"], "vendor": "edm_informatics", "product": "e-invoice", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:05:56.331Z"}}], "cna": {"title": "User Enumeration in EDM Informatic's E-Invoice Software", "source": {"defect": ["TR-23-0610"], "advisory": "TR-23-0610", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Furkan KUTLUCA"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EDM Informatics", "product": "E-invoice", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-27T13:00:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0610", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0610", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.\n\nThis issue affects E-invoice: before 2.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.<p>This issue affects E-invoice: before 2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1320", "description": "CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-21T07:36:25.538Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5443", "state": "PUBLISHED", "dateUpdated": "2026-05-21T07:36:25.538Z", "dateReserved": "2023-10-06T07:57:12.979Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-10-27T13:00:11.166Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e-invoice_project:e-invoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "99439F40-742D-4C0F-9057-35562F904B21", "versionEndExcluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.\n\nThis issue affects E-invoice: before 2.1."}, {"lang": "es", "value": "La vulnerabilidad de protecci\u00f3n inadecuada para mensajes de error salientes y se\u00f1ales de alerta en la factura electr\u00f3nica de EDM Informatics permite la huella de cuenta. Este problema afecta a la factura electr\u00f3nica: versiones anteriores a 2.1."}], "id": "CVE-2023-5443", "lastModified": "2026-05-21T08:16:19.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T14:15:08.680", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0610"}, {"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0610"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1320"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}