Lucene search

INCIBECVELIST:CVE-2023-3350

HistoryOct 03, 2023 - 1:26 p.m.

CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS

2023-10-0313:26:03

INCIBE

www.cve.org

cve-2023-3350

cryptographic issue

ibermatica rps

vulnerability

sql query

plaint text

password hashes

aes-cbc-128

decryption

.net function

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username’s password in plain text.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IBERMATICA RPS 2019",
    "vendor": "IBERMATICA",
    "versions": [
      {
        "status": "affected",
        "version": "RPS 2019"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2023-3350