Lucene search
HistorySep 07, 2023 - 1:15 p.m.
CVE-2023-39421
rdpwin.dll
hardcoded api keys
third-party services
twilio
vonage
unrestricted interaction
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services.
Affected configurations
Node
resortdatainternet_reservation_module_next_generationMatch5.4.1.23
| Vendor | Product | Version | CPE |
|---|---|---|---|
| resortdata | internet_reservation_module_next_generation | 5.4.1.23 | cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.4.1.23:*:*:*:*:*:*:* |
Related
prion
prion
Hardcoded credentials
2023-09-07 13:15:00
cvelist
cvelist
CVE-2023-39421 Use of Hard-coded Credentials in RDPWin.dll
2023-09-07 12:19:18
cve
cve
CVE-2023-39421
2023-09-07 13:15:08
vulnrichment
vulnrichment
CVE-2023-39421 Use of Hard-coded Credentials in RDPWin.dll
2023-09-07 12:19:18
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Related for NVD:CVE-2023-39421