CVE-2023-39423

{"id": "CVE-2023-39423", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-09-07T13:15:08.837", "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained", "tags": ["Third Party Advisory"], "source": "cve-requests@bitdefender.com"}, {"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The RDPData.dll file exposes the\u00a0/irmdata/api/common endpoint that handles session IDs, \u00a0among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.\n"}, {"lang": "es", "value": "El archivo RDPData.dll expone el extremo /irmdata/api/common endpoint que controla los identificadores de sesi\u00f3n, entre otras caracter\u00edsticas. Mediante el uso de un operador UNION SQL, un atacante puede filtrar la tabla de sesiones, obtener las sesiones actualmente v\u00e1lidas y suplantar a un usuario que ha iniciado sesi\u00f3n actualmente. "}], "lastModified": "2024-11-21T08:15:23.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}