PT-2023-29444 · 1E · 1E Platform Saas+1
1E Penetration
Published: 2023-10-13 · Updated: 2025-05-20
CVE-2023-45162
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
1E Platform versions 8.1.2 through 9.0.1
1E Platform SaaS versions prior to 23.7.1
Description
The issue is a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue.
Recommendations
For version 8.1.2, apply hotfix Q23166
For version 8.4.1, apply hotfix Q23164
For version 9.0.1, apply hotfix Q23169
For SaaS implementations on version 23.7.1 or later, no action is required as hotfix Q23173 will be automatically applied
For SaaS versions below 23.7.1, contact 1E to arrange an urgent upgrade
Fix
SQL injection
Weakness Enumeration
Related identifiers
Affected products
1E Platform
1E Platform SaaS