Skip to main content

Internet Reservation Module Next Generation

5 CVEs product

Monthly

CVE-2023-39424 HIGH This Week

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Internet Reservation Module Next Generation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39423 CRITICAL Act Now

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-39422 CRITICAL Act Now

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-39421 HIGH This Week

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-39420 HIGH This Week

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
8.8
EPSS
0.5%
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Internet Reservation Module Next Generation
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Internet Reservation Module Next Generation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
EPSS 0% CVSS 7.7
HIGH This Week

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy