CVE-2023-39421 - How Hardcoded API Keys in RDPWin.dll Expose Sensitive Services
A recently disclosed security vulnerability, CVE-2023-39421, highlights the risks of hardcoded secrets in software used by hotels and resorts worldwide. The issue arises in RDPWin.
CVE-2023-39423 - Exploiting SQL Injection in RDPData.dll to Hijack Active Sessions
A serious vulnerability, now tracked as CVE-2023-39423, was found in certain software using the RDPData.dll library. This flaw exposes an API endpoint, /irmdata/api/
CVE-2023-39422 - HMAC Token Leak in IRM Next Generation Booking Engine (/irmdata/api/) — How a Client-Side JavaScript Mistake Broke Their Security
---
Introduction
CVE-2023-39422 is a security vulnerability found in the IRM Next Generation booking engine — a solution often used by hotels and travel companies for