Resortdata Internet Reservation Module Next Generation — known CVE vulnerabilities
Every CVE whose affected-product data names Resortdata Internet Reservation Module Next Generation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-39420 — CVSS 9.9 (critical): The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin"…
CVE-2023-39424 — CVSS 9.9 (critical): A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary…
CVE-2023-39423 — CVSS 8.6 (high): The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL…
CVE-2023-39421 — CVSS 7.7 (high): The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services…
CVE-2023-39422 — CVSS 6.5 (medium): The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are…