Lucene search

[email protected]CVE-2023-3349

HistoryOct 03, 2023 - 2:15 p.m.

CVE-2023-3349

2023-10-0314:15:10

CWE-532

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-3349

ibermatica rps 2019

information exposure

url

unauthenticated user

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.

Affected configurations

Vulners

NVD

Node

ibermaticaibermatica_rps_2019Range≤RPS 2019

CPENameOperatorVersion
ayesa:ibermatica_rpsayesa ibermatica rpseq2019

CPE	Name	Operator	Version
ayesa:ibermatica_rps	ayesa ibermatica rps	eq	2019

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IBERMATICA RPS 2019",
    "vendor": "IBERMATICA",
    "versions": [
      {
        "status": "affected",
        "version": "RPS 2019"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for CVE-2023-3349

prion1 cvelist1 nvd1