Description
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
References (3)
Core 3
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-43978
Patch, Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2021-43978
Vendor Advisory
https://www.allegro.be/
Scores
CVSS v3
7.1
EPSS
0.0074
EPSS Percentile
49.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-522
Status
published
Products (1)
allegro/allegro
3.3.4152.0
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026