CVE-2023-51638

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360.

Ссылки

https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html
Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-24-111/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*

Версия до 7.5.1 (исключая)

EPSS

Процентиль: 41%

0.00192

Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-5r59-wwwh-xxvm

CVSS3: 9.8

github

около 1 года назад

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360.

EPSS

Процентиль: 41%

0.00192

Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-798