CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2024 — Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2024 — Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. • https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html • CWE-798: Use of Hard-coded Credentials