CVE-2023-3350 — HIGH (8.2) — White Hats Nepal

Vulnerability Description

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ayesa	Ibermatica Rps	2019

Related Weaknesses (CWE)

CWE-532 CWE-327

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-iberThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-iberThird Party Advisory

FAQ

What is CVE-2023-3350?

CVE-2023-3350 is a vulnerability with a CVSS score of 8.2 (HIGH). A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in p...

How severe is CVE-2023-3350?

CVE-2023-3350 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3350?

Check the references section above for vendor advisories and patch information. Affected products include: Ayesa Ibermatica Rps.