{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T06:16:28.232","vulnerabilities":[{"cve":{"id":"CVE-2023-51644","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-11-22T20:15:06.987","lastModified":"2026-06-17T06:41:23.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512."},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código en Allegra SiteConfigAction debido a un control de acceso inadecuado. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de Allegra. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro de la configuración de Struts. El problema es el resultado de un control de acceso inadecuado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de SERVICIO LOCAL. Era ZDI-CAN-22512."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Allegra","product":"Allegra","defaultStatus":"unknown","versions":[{"version":"7.5.0 build 29","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"alltena","product":"allegra","defaultStatus":"unknown","cpes":["cpe:2.3:a:alltena:allegra:7.5.0build29:*:*:*:*:*:*:*"],"versions":[{"version":"7.5.0build29","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-25T16:31:52.393593Z","id":"CVE-2023-51644","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*","versionEndExcluding":"7.5.1","matchCriteriaId":"21BACEA1-B578-4BE9-89BC-CA7C3F409FD8"}]}]}],"references":[{"url":"https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-102/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}