CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
59.9%
IBM Sterling Connect:Direct Web Services uses Spring-Web. This bulletin identifies the steps to take to address the vulnerabilities.
CVEID:CVE-2023-44794
**DESCRIPTION:**Dromara SaToken and SpringBoot could allow a remote authenticated attacker to gain elevated privileges on the system. By sending crafted payload to the URL, an authenticated attacker could exploit this vulnerability to gain escalate privileges.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269597 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Connect:Direct Web Services | 6.0 |
IBM Sterling Connect:Direct Web Services | 6.1.0 |
IBM Sterling Connect:Direct Web Services | 6.2.0 |
IBM Sterling Connect:Direct Web Services | 6.3.0 |
IBM Sterling Connect:Direct Web Services (Certified Container) | All |
IBM strongly recommends addressing the vulnerability now by upgrading …
Product(s)|Version(s)|**Remediation
**
—|—|—
IBM Sterling Connect:Direct Web Services| 6.0| Apply latest of any 6.1, 6.2, 6.3, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.24, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.23, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.3| Apply 6.3.0.7, available on Fix Central
IBM Sterling Connect:Direct Web Services (Certified Container)| All| Latest images on IBM Entitled Registry
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sterling_connect\ | direct | cpe:2.3:a:ibm:sterling_connect\:direct:6.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
59.9%