Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability
CVE-2023-51644

7.3HIGH

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 22 November 2024

What is CVE-2023-51644?

The Allegra SiteConfigAction features a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations without authentication. This flaw arises from improper access control mechanisms within the Struts framework, allowing attackers to exploit the issue and potentially execute code with the privileges of the LOCAL SERVICE account. Addressing this vulnerability is crucial to maintain the integrity and security of Allegra implementations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Allegra 7.5.0 build 29

References

https://www.zerodayinitiative.com/advisories/ZDI-24-102/

x_research-advisory

https://www.trackplus.com/en/service/release-notes-reader...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Dec 20, 2023

JSON

Allegra