Security Advisory

CVE-2023-39423

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-07 12:24:41
Last updated 2024-09-26 19:12:27
Assigner Bitdefender
State PUBLISHED

Description

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.