CVSS 3.1 Score 9.8 of 10 (high)


Published Jan 23, 2024
Updated: Feb 1, 2024
CWE ID 502


CVE-2024-23636 is a vulnerability affecting the SOFARPC Java RPC framework. A gadget chain can bypass the SOFA Hessian blacklist protection mechanism, potentially leading to remote code execution. The vulnerability can be mitigated by updating to version 5.12.0 or later, which includes a blacklist to prevent exploitation. Users can also add an additional class to the blacklist to avoid the issue. The vulnerability carries a base severity rating of CRITICAL and has a high impact on integrity and confidentiality. It has a CVSS v3.1 base score of 9.8 and an exploitability score of 3.9, posing a significant danger to organizations that use affected versions of SOFARPC.
