CVE-2023-44794 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-44794?

CVE-2023-44794 is a critical vulnerability affecting Dromara SaToken version 1.36.0 and earlier. This security issue allows remote attackers to escalate privileges by sending a crafted payload to a specific URL. Systems running Dromara SaToken up to version 1.36.0, along with VMware Spring Boot 2.3.1 and later, and VMware Spring Framework 5.3.0 and later, are at risk. It is essential for users to be aware of this vulnerability and take necessary precautions to protect their systems.

Who is impacted?

The CVE-2023-44794 vulnerability affects users of Dromara SaToken up to version 1.36.0. This security issue allows remote attackers to escalate privileges by sending a crafted payload to a specific URL. If you're using Dromara SaToken version 1.36.0 or earlier, your system may be at risk. It's important to be aware of this vulnerability and take necessary precautions to protect your systems.

What to do if CVE-2023-44794 affected you?

If you're affected by the CVE-2023-44794 vulnerability, it's crucial to take action to protect your system. To mitigate the risk, follow these steps:

  1. Update Dromara SaToken to version 1.37.0 or later.

  2. Ensure your system is running the latest versions of VMware Spring Boot and VMware Spring Framework.

  3. Monitor the GitHub issue for additional information and potential solutions.
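To confirm whether step 1 applies to a given build, the added example below (not from the original advisory or the Sa-Token project) scans `mvn dependency:list` output for Sa-Token artifacts older than 1.37.0, including ones pulled in transitively. The groupId `cn.dev33` and the sample dependency lines are assumptions that do not appear on this page; the sample is constructed.

```python
import re

FIXED = (1, 37, 0)     # first fixed release named in the advisory
GROUP_ID = "cn.dev33"  # Sa-Token's Maven groupId (assumption, not stated on the page)

def parse_coordinate(line):
    """Return (group, artifact, version) from one `mvn dependency:list` line, or None."""
    token = line.replace("[INFO]", "").strip().split(" ")[0]
    parts = token.split(":")
    if len(parts) == 5:    # group:artifact:type:version:scope
        return parts[0], parts[1], parts[3]
    if len(parts) == 6:    # group:artifact:type:classifier:version:scope
        return parts[0], parts[1], parts[4]
    return None            # headers, blank lines, other log output

def version_tuple(version):
    """Numeric major.minor.patch; a version with no digits sorts lowest (flagged)."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def affected_satoken(dep_lines):
    """List (artifact, version) for every Sa-Token artifact below the fixed release."""
    hits = []
    for line in dep_lines:
        coord = parse_coordinate(line)
        if coord is None:
            continue
        group, artifact, version = coord
        if (group == GROUP_ID and artifact.startswith("sa-token")
                and version_tuple(version) < FIXED):
            hits.append((artifact, version))
    return hits

# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.boot:spring-boot-starter-web:jar:2.7.18:compile
[INFO]    cn.dev33:sa-token-spring-boot-starter:jar:1.36.0:compile
[INFO]    cn.dev33:sa-token-core:jar:1.36.0:compile
[INFO]    cn.dev33:sa-token-jwt:jar:1.37.0:compile
""".splitlines()

if __name__ == "__main__":
    for artifact, version in affected_satoken(SAMPLE):
        print(f"upgrade {GROUP_ID}:{artifact} {version} to 1.37.0 or later")
```

Run it against the real output of `mvn dependency:list` for each module; an empty result means no Sa-Token artifact below 1.37.0 was resolved.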

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-44794 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, affecting Dromara SaToken version 1.36.0 and earlier, was published on October 25, 2023. No specific due date or required action is mentioned, but users should update their software and monitor relevant sources for additional information and potential solutions.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-Insufficient Information, indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2023-44794 is a critical vulnerability affecting Dromara SaToken version 1.36.0 and earlier, allowing remote attackers to escalate privileges. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
