CVE-2023-45162 CRITICAL

CVE-2023-45162: Blind SQL vulnerability in 1E platform

Vendor 1E

Product 1E Platform

Weakness CWE-89 · SQLi

Published October 13, 2023

Last update June 18, 2025

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this

Key dates

02Disclosure timeline

October 13, 2023 CVE published

June 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45162

Related vulnerabilities

Identifiers

CVE CVE-2023-45162

CWE CWE-89

CVSS 9.9 / CRITICAL

Affected versions

Vendor 1E

Product 1E Platform

Affected < 8.1.2

Vendor 1E

Product 1E Platform

Affected < 8.4.1

Vendor 1E

Product 1E Platform

Affected < 9.0.1

Vendor 1E

Product 1E Platform

Affected < 23.7.1

CVE-2023-45162: Blind SQL vulnerability in 1E platform

01Description

02Disclosure timeline

03References

04Related CVE