PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-5983 Botanik Software CVE debrief

CVE-2023-5983 is a high-severity information exposure issue in Botanikyazilim Pharmacy Automation. According to NVD, the flaw can allow an unauthorized actor to retrieve embedded sensitive data, affecting versions before 2.1.133.0. Because the attack vector is network-based and requires no privileges or user interaction, the issue should be treated as a priority remediation item for any environment running an affected build.

Vendor: Botanik Software
Product: Pharmacy Automation
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-11-22
Original CVE updated: 2026-05-20
Advisory published: 2023-11-22
Advisory updated: 2026-05-20

Who should care

Security and IT teams responsible for Botanikyazilim Pharmacy Automation, especially pharmacy operations, application owners, and vulnerability management teams that support healthcare or medication workflow systems running versions earlier than 2.1.133.0.

Technical summary

NVD maps CVE-2023-5983 to Botanikyazilim Pharmacy Automation with an affected version range ending before 2.1.133.0. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a remotely reachable flaw with no required privileges or user interaction and a primary impact to confidentiality. The associated weakness is listed as CWE-359, consistent with exposure of private information to unauthorized access.

Defensive priority

High. The combination of network reachability, no required authentication, no user interaction, and high confidentiality impact makes this an urgent patch-and-verify issue for any exposed or business-critical deployment.

Recommended defensive actions

  • Upgrade Botanikyazilim Pharmacy Automation to version 2.1.133.0 or later.
  • Inventory all instances of Pharmacy Automation to identify systems running versions earlier than 2.1.133.0.
  • Review whether the application stores embedded sensitive or personal data and reduce retained data where possible.
  • Restrict network access to the application until remediation is complete, especially from untrusted networks.
  • Validate remediation by confirming the installed version and rechecking exposed data paths after upgrade.
  • Monitor access logs and application telemetry for unusual retrieval of sensitive records or data exports.

Evidence notes

The CVE description states that Pharmacy Automation before 2.1.133.0 is affected by an exposure of private personal information to an unauthorized actor and that the issue allows retrieval of embedded sensitive data. NVD lists the CVSS vector as AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with a score of 7.5, and the weakness as CWE-359. The record includes third-party advisory references from USOM and a CVE/NVD official record trail. Vendor attribution in the source uses the CPE name botanikyazilim with medium confidence.

Official resources

CVE-2023-5983 was published on 2023-11-22 and later modified on 2026-05-20. The provided source set includes NVD and USOM references; no exploit or weaponized reproduction details are included here.