Vulnerabilities > CVE-2023-39421 - Unspecified vulnerability in Resortdata Internet Reservation Module Next Generation 5.4.1.23

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

resortdata

NVD

Published: 2023-09-07

Updated: 2024-11-21

Summary

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services.

Vulnerable Configurations

Part	Description	Count
Application	Resortdata Resortdata Internet Reservation Module Next Generation 5.4.1.23	1

References

https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained