CVE-2023-39423

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-07 13:15

Updated : 2023-09-12 00:08

NVD link : CVE-2023-39423

Mitre link : CVE-2023-39423

CVE.ORG link : CVE-2023-39423

JSON object : View

Products Affected

resortdata

internet_reservation_module_next_generation

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-39423", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2023-09-07T13:15:08.837", "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained", "tags": ["Third Party Advisory"], "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The RDPData.dll file exposes the\u00a0/irmdata/api/common endpoint that handles session IDs, \u00a0among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.\n"}, {"lang": "es", "value": "El archivo RDPData.dll expone el extremo /irmdata/api/common endpoint que controla los identificadores de sesi\u00f3n, entre otras caracter\u00edsticas. Mediante el uso de un operador UNION SQL, un atacante puede filtrar la tabla de sesiones, obtener las sesiones actualmente v\u00e1lidas y suplantar a un usuario que ha iniciado sesi\u00f3n actualmente. "}], "lastModified": "2023-09-12T00:08:52.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}