PT-2023-29444 · 1E · 1E Platform SaaS, 1E Platform
1E Penetration
Published: 2023-10-13 · Updated: 2025-05-20
CVE-2023-45162
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
1E Platform versions 8.1.2 through 9.0.1
1E Platform SaaS versions prior to 23.7.1
Description
The issue is a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue.
Recommendations
For version 8.1.2, apply hotfix Q23166
For version 8.4.1, apply hotfix Q23164
For version 9.0.1, apply hotfix Q23169
For SaaS implementations on version 23.7.1 or later, no action is required as hotfix Q23173 will be automatically applied
For SaaS versions below 23.7.1, contact 1E to arrange an urgent upgrade
Fix
SQL injection
Affected Products
1E Platform
1E Platform SaaS