CVE-2023-5983 in Pharmacy Automation

Summary

by MITRE • 11/22/2023

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.

This issue affects Pharmacy Automation: before 2.1.133.0.

Analysis

by VulDB Data Team • 05/20/2026

The vulnerability identified as CVE-2023-5983 represents a critical exposure of sensitive information within the Botanik Software Pharmacy Automation system, affecting versions prior to 2.1.133.0. This weakness falls under the broader category of information disclosure vulnerabilities, which can have severe implications for healthcare environments where patient data security is paramount. The flaw enables unauthorized actors to retrieve embedded sensitive data, potentially compromising the confidentiality and integrity of pharmaceutical automation systems that handle critical medical information.

This vulnerability stems from inadequate access controls and data protection mechanisms within the pharmacy automation software. The technical implementation appears to lack proper authentication checks or authorization validation when processing requests for sensitive data, allowing malicious users to bypass normal security boundaries. The flaw essentially creates an information leakage channel where unauthorized parties can access data that should remain restricted to authorized personnel only. From a cybersecurity perspective, this issue aligns with CWE-200, which specifically addresses the exposure of sensitive information to unauthorized actors, and represents a direct violation of the principle of least privilege that governs secure system design.

The operational impact of CVE-2023-5983 extends beyond simple data exposure, as pharmacy automation systems typically contain highly sensitive information including patient medical histories, prescription records, medication dosages, and personal identification details. An attacker exploiting this vulnerability could gain access to comprehensive pharmaceutical data that could be used for identity theft, insurance fraud, or even targeted attacks against specific patients. The implications are particularly severe in healthcare settings where regulatory compliance frameworks such as HIPAA mandate strict protection of protected health information, making this vulnerability a potential violation of legal and compliance requirements.

Organizations utilizing Botanik Software Pharmacy Automation must implement immediate mitigation strategies to address this vulnerability. The primary recommendation involves upgrading to version 2.1.133.0 or later, which contains the necessary security patches to resolve the information exposure issue. Additionally, system administrators should conduct thorough access reviews to ensure that only authorized personnel can access sensitive pharmaceutical data, implementing multi-factor authentication and role-based access controls. Network segmentation and monitoring solutions should be deployed to detect and prevent unauthorized access attempts, while regular security audits should verify that sensitive data is properly protected according to industry standards such as those outlined in the NIST Cybersecurity Framework. The vulnerability also highlights the importance of continuous security testing and vulnerability management programs to identify and remediate similar issues before they can be exploited by malicious actors.

Reservation: 11/07/2023

Disclosure: 11/22/2023

Moderation: accepted

CPE: ready

EPSS: 0.00628

KEV: no

Activities: very low
