{"api_version":"1","generated_at":"2026-04-22T23:09:32+00:00","cve":"CVE-2023-3349","urls":{"html":"https://cve.report/CVE-2023-3349","api":"https://cve.report/api/cve/CVE-2023-3349.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3349","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3349"},"summary":{"title":"CVE-2023-3349","description":"Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.","state":"PUBLIC","assigner":"cve-coordination@incibe.es","published_at":"2023-10-03 14:15:00","updated_at":"2023-10-05 00:59:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019","name":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities Ibermatica Rps 2019 | INCIBE-CERT | INCIBE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3349","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3349","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3349","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ayesa","cpe5":"ibermatica_rps","cpe6":"2019","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3349","ASSIGNER":"cve-coordination@incibe.es","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBERMATICA","product":{"product_data":[{"product_name":"IBERMATICA RPS 2019","version":{"version_data":[{"version_affected":"=","version_value":"RPS 2019"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019","refsource":"MISC","name":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"Francisco Javier Medina Munuera"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-03 14:15:00","lastModifiedDate":"2023-10-05 00:59:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ayesa:ibermatica_rps:2019:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}