{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T06:15:45.689","vulnerabilities":[{"cve":{"id":"CVE-2023-39423","sourceIdentifier":"cve-requests@bitdefender.com","published":"2023-09-07T13:15:08.837","lastModified":"2024-11-21T08:15:23.907","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs,  among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.\n"},{"lang":"es","value":"El archivo RDPData.dll expone el extremo /irmdata/api/common endpoint que controla los identificadores de sesión, entre otras características. Mediante el uso de un operador UNION SQL, un atacante puede filtrar la tabla de sesiones, obtener las sesiones actualmente válidas y suplantar a un usuario que ha iniciado sesión actualmente. "}],"metrics":{"cvssMetricV31":[{"source":"cve-requests@bitdefender.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"cve-requests@bitdefender.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*","matchCriteriaId":"D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"}]}]}],"references":[{"url":"https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained","source":"cve-requests@bitdefender.com","tags":["Third Party Advisory"]},{"url":"https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}