CVE-2023-3349 Information

Description

Information exposure vulnerability in IBERMATICA RPS 2019 which exploitation could allow an unauthenticated user to retrieve sensitive information such as usernames IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html the application enables the logging mechanism by generating the log file which can be downloaded.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019