Lucene search

BitdefenderCVELIST:CVE-2023-39423

HistorySep 07, 2023 - 12:24 p.m.

CVE-2023-39423 Improper Neutralization of Special Elements used in an SQL Command in RDPData.dll

2023-09-0712:24:41

CWE-89

Bitdefender

www.cve.org

cve-2023-39423

sql injection

rdpdata.dll

/irmdata/api/common

session hijacking

user impersonation

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "RDPData.dll"
    ],
    "product": "IRM Next Generation",
    "vendor": "Resort Data Processing, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.3.2.15"
      }
    ]
  }
]

References

bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

Related for CVELIST:CVE-2023-39423