Multiple vulnerabilities in Ibermática RPS 2019

Posted date 29/06/2023
Identificador

INCIBE-2023-0244

Importance
4 - High
Affected Resources

Ibermática RPS 2019

Description

INCIBE has coordinated the publication of 2 vulnerabilities in RPS 2019, an enterprise resouce planning software (ERP), which has been discovered by Francisco Javier Medina Munuera.

These vulnerabilities have been assigned the following codes:

  • CVE-2023-3349:
    • CVSS v3.1 base score: 8,2.
    • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
    • Vulnerability type: CWE-200: information exposure.
  • CVE-2023-3350:
    • CVSS v3.1 base score: 8,2.
    • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
    • Vulnerability type: CWE-310: cryptographic issues.
Solution

There is no identified solution. However, there is a new version of RPS (link in 'References').

Detail
  • CVE-2023-3349: information exposure vulnerability that could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.
  • CVE-2023-3350: there is a cryptographic vulnerability that could be exploited by an attacker by downloading the log file, retrieving the SQL query sent to the application in plain text. This log file contains the password hashes encrypted with the AES-CBC-129 bit algorithm, which can be decrypted with a .NET function, obtaining the user's password in plain text.
References list