nvd-json-data-feeds/CVE-2023/CVE-2023-33xx/CVE-2023-3349.json

{
  "id": "CVE-2023-3349",
  "sourceIdentifier": "cve-coordination@incibe.es",
  "published": "2023-10-03T14:15:10.853",
  "lastModified": "2023-10-05T00:59:13.483",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n en IBERMATICA RPS 2019, cuya explotaci\u00f3n podr\u00eda permitir a un usuario no autenticado recuperar informaci\u00f3n sensible, como nombres de usuario, direcciones IP o consultas SQL enviadas a la aplicaci\u00f3n. Al acceder a la URL /RPS2019Service/status.html, la aplicaci\u00f3n habilita el mecanismo de registro generando el archivo de registro, que se puede descargar."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "cve-coordination@incibe.es",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ]
    },
    {
      "source": "cve-coordination@incibe.es",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ayesa:ibermatica_rps:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A27BE43-C805-4D83-A2A2-AD6ADD243568"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019",
      "source": "cve-coordination@incibe.es",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}