8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.3%
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username’s password in plain text.
CPE | Name | Operator | Version |
---|---|---|---|
ayesa:ibermatica_rps | ayesa ibermatica rps | eq | 2019 |
[
{
"defaultStatus": "unaffected",
"product": "IBERMATICA RPS 2019",
"vendor": "IBERMATICA",
"versions": [
{
"status": "affected",
"version": "RPS 2019"
}
]
}
]
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.3%