CVE-2023-39421 - Hardcoded API Keys in RDPWin.dll Component Allowing Unrestricted Access to Third-Party Services
A recent discovery revealed that the RDPWin.dll component in the IRM Next Generation booking engine includes hardcoded API keys for third-party services such as
CVE-2023-39423 - Critical RDPData.dll Vulnerability Allows Attackers to Leak Session IDs and Impersonate Users
A critical vulnerability has been discovered in the RDPData.dll file, which exposes the /irmdata/api/common endpoint that handles session IDs and several other
CVE-2023-39422: IRM Next Generation Booking Engine's Client-Side HMAC Token Exposure
An authentication vulnerability, termed CVE-2023-39422, has been discovered within the IRM Next Generation booking engine, which exposes critical HMAC tokens through client-side JavaScript files. Due
Episode
00:00:00
00:00:00