Lucene search

INCIBECVELIST:CVE-2023-3349

HistoryOct 03, 2023 - 1:24 p.m.

CVE-2023-3349 Information exposure on IBERMATICA RPS

2023-10-0313:24:44

CWE-200

INCIBE

www.cve.org

cve-2023-3349

information exposure

ibermatica rps

unauthenticated user

sensitive information

logging mechanism

log file

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IBERMATICA RPS 2019",
    "vendor": "IBERMATICA",
    "versions": [
      {
        "status": "affected",
        "version": "RPS 2019"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for CVELIST:CVE-2023-3349