Lucene search

[email protected]CVE-2023-3350

HistoryOct 03, 2023 - 2:15 p.m.

CVE-2023-3350

2023-10-0314:15:10

CWE-532

[email protected]

web.nvd.nist.gov

cryptographic issue

ibermatica rps

cve-2023-3350

sql query

aes-cbc-128

.net

password hashes

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username’s password in plain text.

Affected configurations

Vulners

NVD

Node

ibermaticaibermatica_rps_2019Range≤RPS 2019

CPENameOperatorVersion
ayesa:ibermatica_rpsayesa ibermatica rpseq2019

CPE	Name	Operator	Version
ayesa:ibermatica_rps	ayesa ibermatica rps	eq	2019

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IBERMATICA RPS 2019",
    "vendor": "IBERMATICA",
    "versions": [
      {
        "status": "affected",
        "version": "RPS 2019"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVE-2023-3350

prion1 nvd1 cvelist1