CVE-2023-3349

Name of the Vulnerable Software and Affected Versions IBERMATICA RPS 2019 (affected versions not specified)

Description The issue allows an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses, or SQL queries sent to the application. This is achieved by accessing the URL "/RPS2019Service/status.html", which enables the logging mechanism and generates a log file that can be downloaded.

Recommendations As a temporary workaround, consider restricting access to the "/RPS2019Service/status.html" endpoint until a patch is available. Avoid using the logging mechanism in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.