1E · 1E Platform Saas · CVE-2023-45162
**Name of the Vulnerable Software and Affected Versions**
1E Platform versions 8.1.2 through 9.0.1
1E Platform SaaS versions prior to 23.7.1
**Description**
The issue is a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue.
**Recommendations**
For version 8.1.2, apply hotfix Q23166
For version 8.4.1, apply hotfix Q23164
For version 9.0.1, apply hotfix Q23169
For SaaS implementations on version 23.7.1 or later, no action is required as hotfix Q23173 will be automatically applied
For SaaS versions below 23.7.1, contact 1E to arrange an urgent upgrade