CVE-2023-35067 - OpenCVE

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Infodrom	E-invoice Approval System

Configuration 1 [-]

cpe:2.3:a:infodrom:e-invoice_approval_system:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0419	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-07-25T06:07:32.605Z

Updated: 2023-08-16T07:27:05.100Z

Reserved: 2023-06-12T19:32:44.799Z

Link: CVE-2023-35067

JSON object: View

NVD Information

Status : Modified

Published: 2023-07-25T07:15:10.770

Modified: 2023-08-16T08:15:41.300

Link: CVE-2023-35067

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-35067", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-06-12T19:32:44.799Z", "datePublished": "2023-07-25T06:07:32.605Z", "dateUpdated": "2023-08-16T07:27:05.100Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "E-Invoice Approval System", "vendor": "Infodrom Software", "versions": [{"lessThan": "v.20230701", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gokhan UYGAN"}], "datePublic": "2023-07-25T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.<p>This issue affects E-Invoice Approval System: before v.20230701.</p>"}], "value": "Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701.\n\n"}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191 Read Sensitive Strings Within an Executable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-08-16T07:27:05.100Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0419"}], "source": {"advisory": "TR-23-0419", "defect": ["TR-23-0419"], "discovery": "EXTERNAL"}, "title": "Plaintext Storage of a Password in Infodrom Sofwares E-Invoice Approval System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}