CRITICAL🇬🇧 English

CVE-2023-44794

CVSS 9.8v3.1pub. 2023-10-25upd. 2024-11-21

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dromara Sa Token

    APP
    Dromara
    < 1.37.0
  • VMware Spring Boot

    APP
    Vmware
    ≥ 2.3.1
  • VMware Spring Framework

    APP
    Vmware
    ≥ 5.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt

VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp

CVE-2023-20873CRITICAL9.8ten sam produkt

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is ...

CVE-2021-26987CRITICAL9.8ten sam produkt

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...

CVE-2016-1000027CRITICAL9.8ten sam produkt

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for...