An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDromara Sa Token
APPDromara< 1.37.0VMware Spring Boot
APPVmware≥ 2.3.1VMware Spring Framework
APPVmware≥ 5.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
Powiązane podatności
CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt
VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp
CVE-2023-20873CRITICAL9.8ten sam produkt
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is ...
CVE-2021-26987CRITICAL9.8ten sam produkt
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...
CVE-2016-1000027CRITICAL9.8ten sam produkt
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for...