Lucene search
K
ResortdataInternet Reservation Module Next Generation

5 matches found

CVE
CVE
added 2023/09/07 12:22 p.m.2488 views

CVE-2023-39422

The CVE-2023-39422 issue affects the IRM Next Generation booking engine’s /irmdata/api/ endpoints. The root cause is that HMAC tokens used to authenticate requests are exposed in a client-side JavaScript file, which renders this extra safety mechanism ineffective. Descriptions across sources repe...

9.8CVSS7.3AI score0.00355EPSS
CVE
CVE
added 2023/09/07 12:19 p.m.2487 views

CVE-2023-39421

CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...

7.7CVSS7.6AI score0.00392EPSS
CVE
CVE
added 2023/09/07 12:24 p.m.2483 views

CVE-2023-39423

CVE-2023-39423 affects RDPData.dll, where the /irmdata/api/common endpoint processes session IDs and other features. The underlying issue is improper neutralization of SQL commands, enabling a UNION-based SQL injection that can leak the sessions table and obtain currently valid sessions, allowing...

9.1CVSS8.9AI score0.00468EPSS
Web
CVE
CVE
added 2023/09/07 12:25 p.m.48 views

CVE-2023-39424

CVE-2023-39424 affects the RDPngFileUpload.dll component used by the IRM Next Generation booking system. The vulnerability allows a remote attacker to upload arbitrary content (e.g., a web shell) to the SQL database and execute it with SYSTEM privileges. Authentication is required for exploitatio...

9.9CVSS9.5AI score0.00737EPSS
CVE
CVE
added 2023/09/07 12:17 p.m.47 views

CVE-2023-39420

CVE-2023-39420 affects the RDPCore.dll component used in the IRM Next Generation booking engine. The vulnerability arises from a routine that computes a daily password for an admin account, enabling a remote user who can access a customer deployment to gain full, unrestricted access to the applic...

9.9CVSS9.1AI score0.00548EPSS