CVE-2023-39422 - OpenCVE

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Resortdata	Internet Reservation Module Next Generation

Configuration 1 [-]

cpe:2.3:a:resortdata:internet_reservation_module_next_generation:-:*:*:*:*:*:*:*

References

Link	Resource
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-09-07T12:22:52.239Z

Updated: 2023-09-07T12:22:52.239Z

Reserved: 2023-08-01T15:26:26.149Z

Link: CVE-2023-39422

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-07T13:15:08.710

Modified: 2023-09-12T00:08:38.390

Link: CVE-2023-39422

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-39422", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-08-01T15:26:26.149Z", "datePublished": "2023-09-07T12:22:52.239Z", "dateUpdated": "2023-09-07T12:22:52.239Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["/irmdata/api/"], "product": "IRM Next Generation", "vendor": "Resort Data Processing, Inc.", "versions": [{"status": "unknown", "version": "5"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bitdefender Cyber-Threat Intelligence Lab"}], "datePublic": "2023-09-07T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The <span style=\"background-color: rgb(255, 255, 255);\">/irmdata/api/ endpoints exposed by the</span> IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}], "value": "The\u00a0/irmdata/api/ endpoints exposed by the\u00a0IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}], "impacts": [{"capecId": "CAPEC-61", "descriptions": [{"lang": "en", "value": "CAPEC-61 Session Fixation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-09-07T12:22:52.239Z"}, "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained"}], "source": {"discovery": "EXTERNAL"}, "title": "Use of Hard-coded Credentials in multiple /irmdata/api/ endpoints", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BCCB65A-86A1-4C73-A33B-DE4E5B03F21F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The\u00a0/irmdata/api/ endpoints exposed by the\u00a0IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}, {"lang": "es", "value": "Los extremos /irmdata/api/ endpoints expuestos por el motor de reservas de IRM Next Generation autentican las solicitudes mediante tokens HMAC. Sin embargo, estos tokens se exponen en un archivo JavaScript cargado en el lado del cliente, lo que hace que este mecanismo de seguridad adicional sea in\u00fatil. "}], "id": "CVE-2023-39422", "lastModified": "2023-09-12T00:08:38.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2023-09-07T13:15:08.710", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}