Feb. 9, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.

arbitrary code attackers authentication can code code execution cvss data deserialization exploit mechanism privilege product rating registration remote code remote code execution untrusted vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604

Software Engineer - Cloud Security

@ Neo4j | Malmö

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000

Educator, Cybersecurity

@ Brain Station | Toronto

Principal Security Engineer

@ Hippocratic AI | Palo Alto