PT-2023-29297 · Dromara, IBM · Dromara Satoken, IBM Sterling Connect:Direct Web Services
M4Ra7H0N · Published 2023-10-13 · Updated 2024-09-12
·
| Field | Value |
| CVE | CVE-2023-44794 |
| CVSS v3.1 | 9.8 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
The vector decodes as: reachable over the network, low attack complexity, no privileges and no user interaction required, scope unchanged, high impact on confidentiality, integrity and availability.
Name of the Vulnerable Software and Affected Versions
Dromara SaToken versions 1.36.0 and earlier
IBM Sterling Connect:Direct Web Services versions 6.0, 6.1.0, 6.2.0, 6.3.0
IBM Sterling Connect:Direct Web Services (Certified Container): all versions
Description
A remote, unauthenticated attacker can escalate privileges by sending a crafted request URL (the CVE record describes the trigger as "a crafted payload to the URL"). The underlying weakness is an access-control check that is not correctly enforced for such requests (see the weakness types below); because no authentication, user interaction or special attack complexity is needed, the issue is rated Critical. The same CVE is tracked for the IBM Sterling Connect:Direct Web Services releases listed above.
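The page gives only the weakness classes and the fact that a crafted URL is the trigger. The block below is an added illustration written for this page of how a route-pattern authorization guard can be bypassed when it is evaluated on the raw request URL while the router dispatches on a normalized one. It is not Sa-Token code and does not reproduce the actual CVE-2023-44794 payload, which this page does not give; the rule table, the request paths and the normalization steps are hypothetical.

```python
# Added illustration of the weakness class named in this advisory (a route-pattern
# access-control check applied to an un-normalized URL). NOT Sa-Token code and NOT
# the CVE-2023-44794 payload; rule table, paths and normalization are hypothetical.
import posixpath
import re
from urllib.parse import unquote

# Hypothetical rule table: URL pattern -> roles allowed to reach it.
PROTECTED_ROUTES = [("/admin/**", {"admin"})]


def pattern_matches(pattern: str, path: str) -> bool:
    """Ant-style match for the two pattern forms used in the rule table."""
    if pattern.endswith("/**"):
        base = pattern[:-3]
        return path == base or path.startswith(base + "/")
    return pattern == path


def canonicalize(raw_path: str) -> str:
    """Normalize a request path the way the (assumed) router does before dispatch:
    percent-decode once, drop ';param' path parameters from every segment,
    collapse repeated slashes and resolve '.' / '..' segments."""
    path = unquote(raw_path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = re.sub(r"/+", "/", path)
    path = posixpath.normpath(path)
    return path if path.startswith("/") else "/" + path


def authorize_vulnerable(raw_path: str, roles: set) -> bool:
    """Guard that matches rules against the raw URL. Any spelling of the path that
    the router later normalizes to /admin/... slips past it."""
    for pattern, allowed in PROTECTED_ROUTES:
        if pattern_matches(pattern, raw_path) and not (roles & allowed):
            return False
    return True


def authorize_hardened(raw_path: str, roles: set) -> bool:
    """Guard that canonicalizes first, refuses paths that are still ambiguous
    (left-over '%' from double encoding, backslashes, NUL) and only then applies
    the rules, to the same path the router will dispatch on."""
    path = canonicalize(raw_path)
    if "%" in path or "\\" in path or "\x00" in path:
        return False
    for pattern, allowed in PROTECTED_ROUTES:
        if pattern_matches(pattern, path) and not (roles & allowed):
            return False
    return True


def probe(raw_path: str, roles: set = frozenset()):
    """Return (vulnerable guard verdict, hardened guard verdict, dispatched path)."""
    return (authorize_vulnerable(raw_path, roles),
            authorize_hardened(raw_path, roles),
            canonicalize(raw_path))


if __name__ == "__main__":
    # Constructed probes, all sent anonymously (no roles).
    for raw in ["/admin/users", "/admin;x/users", "/%61dmin/users",
                "/public/../admin/users", "//admin/users", "/admin/%2575sers"]:
        vuln, hard, resolved = probe(raw)
        print(f"{raw:24} router sees {resolved:16} "
              f"vulnerable={'ALLOW' if vuln else 'deny'} "
              f"hardened={'ALLOW' if hard else 'deny'}")
```

The point to take from the probes is that the guard and the router must agree on what the path is: every variant the vulnerable guard lets through is dispatched to /admin/users. Canonicalizing before matching closes those, and rejecting anything that is still not in canonical form after one decode is the safe answer to double encoding and other encodings the guard does not model.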
Recommendations
For Dromara SaToken versions 1.36.0 and earlier, update to a version later than 1.36.0 and verify the effective version of every sa-token artifact, including those pulled in transitively by a starter.
For IBM Sterling Connect:Direct Web Services versions 6.0, 6.1.0, 6.2.0, 6.3.0, apply the fix recommended by IBM.
For IBM Sterling Connect:Direct Web Services (Certified Container), all versions, apply the fix recommended by IBM.
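To act on the Dromara recommendation, the following added example (not code from Sa-Token, IBM or PT) scans a Maven pom.xml for Sa-Token artifacts at or below 1.36.0, resolving `${...}` property references. The pom fragment is constructed for the example; the group id `cn.dev33` is the project's published Maven group, and the 1.36.0 threshold comes from the advisory text above.

```python
# Added example: flag Sa-Token artifacts at or below 1.36.0 in a Maven pom.xml.
# The sample POM is constructed; the "<= 1.36.0 is affected" rule is the advisory's.
import re
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"
SA_TOKEN_GROUP = "cn.dev33"          # Sa-Token's published Maven group id
LAST_AFFECTED = (1, 36, 0)           # from the advisory: 1.36.0 and earlier

SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sa-token.version>1.36.0</sa-token.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>cn.dev33</groupId>
      <artifactId>sa-token-spring-boot-starter</artifactId>
      <version>${sa-token.version}</version>
    </dependency>
    <dependency>
      <groupId>cn.dev33</groupId>
      <artifactId>sa-token-core</artifactId>
      <version>1.37.0</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>unrelated</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>
"""


def parse_version(version: str) -> tuple:
    """Leading numeric components of a version string, padded to three.
    '1.36' -> (1, 36, 0); '1.36.0-RC' -> (1, 36, 0); a pre-release of 1.36.0
    is therefore treated as affected, which is the conservative choice."""
    nums = []
    for part in re.split(r"[.\-]", version.strip()):
        if not part.isdigit():
            break
        nums.append(int(part))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_affected(version: str) -> bool:
    return parse_version(version) <= LAST_AFFECTED


def resolve_property(version_text: str, props: dict) -> str:
    """Expand a '${name}' reference against the POM's <properties>."""
    m = re.fullmatch(r"\$\{([^}]+)\}", version_text.strip())
    return props.get(m.group(1), version_text) if m else version_text.strip()


def find_affected(pom_xml: str) -> list:
    """Return [(artifactId, resolved version)] for affected Sa-Token dependencies.
    Dependencies without an inline <version> (managed by a parent or BOM) are
    not resolvable from this file alone and are skipped."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.replace(POM_NS, ""): (p.text or "").strip()
             for p in root.findall(f"{POM_NS}properties/*")}
    hits = []
    for dep in root.iter(f"{POM_NS}dependency"):
        group = dep.findtext(f"{POM_NS}groupId", "")
        artifact = dep.findtext(f"{POM_NS}artifactId", "")
        version = resolve_property(dep.findtext(f"{POM_NS}version", ""), props)
        if group == SA_TOKEN_GROUP and artifact.startswith("sa-token") \
                and version and is_affected(version):
            hits.append((artifact, version))
    return hits


if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE_POM):
        print(f"AFFECTED: {SA_TOKEN_GROUP}:{artifact}:{version} (<= 1.36.0)")
```

Versions inherited from a parent POM or a BOM are not visible in a single pom.xml, so confirm the effective version with `mvn dependency:tree -Dincludes=cn.dev33` (or the equivalent Gradle dependency report) before concluding a build is clean.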
Weakness types
Improper Preservation of Permissions (CWE-281)
Improper Access Control (CWE-284)
Affected Products
Dromara Satoken
IBM Sterling Connect:Direct Web Services