CVE-2023-39423

Name of the Vulnerable Software and Affected Versions Software (affected versions not specified)

Description The RDPData.dll file exposes the "/irmdata/api/common" endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.