CNNVD-202506-2840 Information

CNNVD ID

CNNVD-202506-2840

Related CVE

CVE-2025-6216

• CNNVD Published: 2025-06-21

Description (Chinese)

Allegra是Allegra公司的一款适用于中型企业的项目管理软件。 Allegra存在授权问题漏洞，该漏洞源于密码恢复机制依赖可预测值，可能导致认证绕过。

Description (English)

Allegra is an Allegra project management software for medium-sized enterprises. Allegra has a mandate gap, which arises from the reliance of the password restoration mechanism on predictable values, which may lead to certification circumvention.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

Allegra

Published

2025-06-21

Last Modified

2026-02-24

References

https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2 https://www.zerodayinitiative.com/advisories/ZDI-25-410/ https://nvd.nist.gov/vuln/detail/CVE-2025-6216

Patch

https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2