PT-2023-29297 · Dromara · Dromara Satoken
M4Ra7H0N · Published 2023-10-13 · Updated 2024-09-12
CVE-2023-44794
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dromara SaToken versions 1.36.0 and earlier
IBM Sterling Connect Direct Web Services versions 6.0, 6.1.0, 6.2.0, 6.3.0
IBM Sterling Connect Direct Web Services (Certified Container) versions All
Description
A flaw allows a remote attacker to escalate privileges by sending a crafted payload in the URL.
Recommendations
For Dromara SaToken versions 1.36.0 and earlier, update to a version later than 1.36.0.
For IBM Sterling Connect Direct Web Services versions 6.0, 6.1.0, 6.2.0, 6.3.0, apply the recommended fix from IBM.
For IBM Sterling Connect Direct Web Services (Certified Container) versions All, apply the recommended fix from IBM.
Exploit
Fix
Improper Preservation of Permissions
Improper Access Control
Related identifiers
Affected products
Dromara Satoken
IBM Sterling Connect:Direct Web Services