Critical severity9.9NVD Advisory· Published Sep 7, 2023· Updated Jun 17, 2026
CVE-2023-39420
CVE-2023-39420
Description
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 5.3.2.15
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.