CVE-2023-51644
CVSS 3.0 Score 9.8 of 10 (critical)
Details
Published Nov 22, 2024
CWE ID 284
Summary
CVE-2023-51644 is a remote code execution vulnerability affecting Allegra's SiteConfigAction. The flaw, identified as ZDI-CAN-22512, results from improper access control within the Struts configuration. This vulnerability enables attackers to execute arbitrary code on affected installations without requiring authentication. The exploit grants the attacker LOCAL SERVICE privileges.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Allegra