CVE-2023-3349

Опубликовано: 03 окт. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 7.5

EPSS Низкий

Описание

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ayesa:ibermatica_rps:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00122

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

CWE-532

Связанные уязвимости

GHSA-cr9w-99vr-7f2h

CVSS3: 8.2

github

больше 2 лет назад

EPSS

Процентиль: 32%

0.00122

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

CWE-532