Search criteria
52 vulnerabilities found for Command Centre by Gallagher
CVE-2024-23194 (GCVE-0-2024-23194)
Vulnerability from cvelistv5 – Published: 2024-07-11 02:39 – Updated: 2024-08-01 22:59
VLAI?
Summary
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.
This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).
Severity ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
9.10 , < vEL9.10.1268
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:03:55.374612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:55:36.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "vEL9.10.1268",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper output Neutralization for Logs (CWE-117) in the Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDiagnostics \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEndpoint could allow an attacker limited ability to modify Command Centre log files. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Gallagher Command Centre v\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.10 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL9.10.1268 (MR1).\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper output Neutralization for Logs (CWE-117) in the Command Centre API\u00a0Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. \n\nThis issue affects:\u00a0Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T02:39:08.929Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23194"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-23194",
"datePublished": "2024-07-11T02:39:08.929Z",
"dateReserved": "2024-02-05T04:16:48.025Z",
"dateUpdated": "2024-08-01T22:59:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23570 (GCVE-0-2023-23570)
Vulnerability from cvelistv5 – Published: 2023-12-18 21:59 – Updated: 2024-11-27 20:27
VLAI?
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
Severity ?
5.4 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
0 , ≤ 8.80
(custom)
Affected: 8.90 , ≤ 8.90.1620 (MR2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T20:27:10.315759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T20:27:18.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1620 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.80 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:16.732Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23570",
"datePublished": "2023-12-18T21:59:16.732Z",
"dateReserved": "2023-02-03T20:38:05.220Z",
"dateUpdated": "2024-11-27T20:27:18.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23568 (GCVE-0-2023-23568)
Vulnerability from cvelistv5 – Published: 2023-07-25 01:31 – Updated: 2024-10-17 13:05
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL
8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),
vEL8.70 prior to
vEL8.70.2185 (MR4),
vEL8.60 prior to
vEL8.60.2347 (MR6),
vEL8.50 prior to
vEL8.50.2831 (MR8), all versions
vEL8.40 and prior
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.90 , < 1318
(custom)
Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:07.162966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:05:39.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T01:31:59.175Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23568",
"datePublished": "2023-07-25T01:31:59.175Z",
"dateReserved": "2023-02-03T20:38:05.273Z",
"dateUpdated": "2024-10-17T13:05:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22363 (GCVE-0-2023-22363)
Vulnerability from cvelistv5 – Published: 2023-07-24 23:09 – Updated: 2024-10-17 13:04
VLAI?
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:12.969143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:52.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\u003c/p\u003e"
}
],
"value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T23:09:14.127Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Access Zone stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22363",
"datePublished": "2023-07-24T23:09:14.127Z",
"dateReserved": "2023-02-03T20:38:05.254Z",
"dateUpdated": "2024-10-17T13:04:52.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25074 (GCVE-0-2023-25074)
Vulnerability from cvelistv5 – Published: 2023-07-24 23:05 – Updated: 2024-10-17 13:04
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),
vEL8.60 prior to vEL8.60.2347 (MR6),
vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
Severity ?
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.40
Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.90 , < 1318 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:44.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:17.838609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:13.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"status": "affected",
"version": "vEL8.40"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL8.60 prior to vEL8.60.2347 (MR6),\u003c/span\u003e\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T05:39:07.574Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Competency access levels not enforced in the server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-25074",
"datePublished": "2023-07-24T23:05:24.657Z",
"dateReserved": "2023-02-03T20:38:05.215Z",
"dateUpdated": "2024-10-17T13:04:13.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22428 (GCVE-0-2023-22428)
Vulnerability from cvelistv5 – Published: 2023-07-24 22:44 – Updated: 2024-10-17 13:03
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.
Severity ?
7.6 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:25.608720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:03:53.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T22:44:15.816Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22428",
"datePublished": "2023-07-24T22:44:15.816Z",
"dateReserved": "2023-02-03T20:38:05.249Z",
"dateUpdated": "2024-10-17T13:03:53.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26348 (GCVE-0-2022-26348)
Vulnerability from cvelistv5 – Published: 2022-07-06 16:29 – Updated: 2024-08-03 05:03
VLAI?
Summary
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
Severity ?
8.2 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.20
(custom)
Affected: 8.60 , < 8.60.1652 (custom) Affected: 8.50 , < 8.50.2245 (custom) Affected: 8.40 , < 8.40.2216 (custom) Affected: 8.30 , < 8.30.1470 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.60.1652",
"status": "affected",
"version": "8.60",
"versionType": "custom"
},
{
"lessThan": "8.50.2245",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2216",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1470",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T16:29:59",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2022-26348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.60",
"version_value": "8.60.1652"
},
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2245"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2216"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1470"
},
{
"version_affected": "\u003c=",
"version_value": "8.20"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2022-26348",
"datePublished": "2022-07-06T16:29:59",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23193 (GCVE-0-2021-23193)
Vulnerability from cvelistv5 – Published: 2021-11-18 18:02 – Updated: 2024-09-17 02:46
VLAI?
Summary
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.10
(custom)
Affected: 8.50 , < 8.50.2048 (MR3) (custom) Affected: 8.40 , < 8.40.2063 (MR4) (custom) Affected: 8.30 , < 8.30.1454 (MR4) (custom) Affected: 8.20 , < 8.20.1291 (MR6) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2063 (MR4)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1454 (MR4)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1291 (MR6)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:02:43",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2063 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1454 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1291 (MR6)"
},
{
"version_affected": "\u003c=",
"version_value": "8.10"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23193",
"datePublished": "2021-11-18T18:02:43.319367Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-17T02:46:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23197 (GCVE-0-2021-23197)
Vulnerability from cvelistv5 – Published: 2021-11-18 18:01 – Updated: 2024-09-16 18:17
VLAI?
Summary
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;
Severity ?
5.2 (Medium)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.50 , < 8.50.2048 (MR3)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:01:52",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23197",
"datePublished": "2021-11-18T18:01:52.750598Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-16T18:17:45.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23167 (GCVE-0-2021-23167)
Vulnerability from cvelistv5 – Published: 2021-11-18 18:00 – Updated: 2024-09-17 02:05
VLAI?
Summary
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.20
(custom)
Affected: 8.50 , < 8.50.2048 (MR3) (custom) Affected: 8.40 , < 8.40.2063 (MR4) (custom) Affected: 8.30 , < 8.30.1454 (MR4) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2063 (MR4)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1454 (MR4)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:00:40",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2063 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1454 (MR4)"
},
{
"version_affected": "\u003c=",
"version_value": "8.20"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23167",
"datePublished": "2021-11-18T18:00:40.281044Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-17T02:05:57.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23230 (GCVE-0-2021-23230)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
Severity ?
9.9 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.00
(custom)
Affected: 8.40 , < 8.40.1888 (MR3) (custom) Affected: 8.30 , < 8.30.1359 (MR3) (custom) Affected: 8.20 , < 8.20.1259 (MR5) (custom) Affected: 8.10 , < 8.10.1284 (MR7) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1259 (MR5)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
},
{
"lessThan": "8.10.1284 (MR7)",
"status": "affected",
"version": "8.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1259 (MR5)"
},
{
"version_affected": "\u003c",
"version_name": "8.10",
"version_value": "8.10.1284 (MR7)"
},
{
"version_affected": "\u003c=",
"version_value": "8.00"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23230",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23204 (GCVE-0-2021-23204)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).
Severity ?
8.1 (High)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.40 , < 8.40.1888 (MR3)
(custom)
Affected: 8.30 , < 8.30.1359 (MR3) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23204",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:54.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23205 (GCVE-0-2021-23205)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.10
(custom)
Affected: 8.40 , < 8.40.1888 (MR3) (custom) Affected: 8.30 , < 8.30.1359 (MR3) (custom) Affected: 8.20 , < 8.20.1259 (MR5) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1259 (MR5)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1259 (MR5)"
},
{
"version_affected": "\u003c=",
"version_value": "8.10"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23205",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23182 (GCVE-0-2021-23182)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.30
Affected: 8.40 , < 8.40.1888 (MR3) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"status": "affected",
"version": "8.30"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "=",
"version_value": "8.30"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-316"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23182",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23211 (GCVE-0-2021-23211)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.40 , < 8.40.1888 (MR3)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-316"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23211",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23194 (GCVE-0-2024-23194)
Vulnerability from nvd – Published: 2024-07-11 02:39 – Updated: 2024-08-01 22:59
VLAI?
Summary
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.
This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).
Severity ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
9.10 , < vEL9.10.1268
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:03:55.374612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:55:36.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "vEL9.10.1268",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper output Neutralization for Logs (CWE-117) in the Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDiagnostics \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEndpoint could allow an attacker limited ability to modify Command Centre log files. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Gallagher Command Centre v\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.10 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL9.10.1268 (MR1).\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper output Neutralization for Logs (CWE-117) in the Command Centre API\u00a0Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. \n\nThis issue affects:\u00a0Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T02:39:08.929Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-23194"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-23194",
"datePublished": "2024-07-11T02:39:08.929Z",
"dateReserved": "2024-02-05T04:16:48.025Z",
"dateUpdated": "2024-08-01T22:59:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23570 (GCVE-0-2023-23570)
Vulnerability from nvd – Published: 2023-12-18 21:59 – Updated: 2024-11-27 20:27
VLAI?
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
Severity ?
5.4 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
0 , ≤ 8.80
(custom)
Affected: 8.90 , ≤ 8.90.1620 (MR2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T20:27:10.315759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T20:27:18.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1620 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.80 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:16.732Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23570",
"datePublished": "2023-12-18T21:59:16.732Z",
"dateReserved": "2023-02-03T20:38:05.220Z",
"dateUpdated": "2024-11-27T20:27:18.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23568 (GCVE-0-2023-23568)
Vulnerability from nvd – Published: 2023-07-25 01:31 – Updated: 2024-10-17 13:05
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL
8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),
vEL8.70 prior to
vEL8.70.2185 (MR4),
vEL8.60 prior to
vEL8.60.2347 (MR6),
vEL8.50 prior to
vEL8.50.2831 (MR8), all versions
vEL8.40 and prior
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.90 , < 1318
(custom)
Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:07.162966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:05:39.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T01:31:59.175Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23568",
"datePublished": "2023-07-25T01:31:59.175Z",
"dateReserved": "2023-02-03T20:38:05.273Z",
"dateUpdated": "2024-10-17T13:05:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22363 (GCVE-0-2023-22363)
Vulnerability from nvd – Published: 2023-07-24 23:09 – Updated: 2024-10-17 13:04
VLAI?
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:12.969143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:52.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\u003c/p\u003e"
}
],
"value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T23:09:14.127Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Access Zone stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22363",
"datePublished": "2023-07-24T23:09:14.127Z",
"dateReserved": "2023-02-03T20:38:05.254Z",
"dateUpdated": "2024-10-17T13:04:52.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25074 (GCVE-0-2023-25074)
Vulnerability from nvd – Published: 2023-07-24 23:05 – Updated: 2024-10-17 13:04
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),
vEL8.60 prior to vEL8.60.2347 (MR6),
vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
Severity ?
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.40
Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.90 , < 1318 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:44.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:17.838609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:13.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"status": "affected",
"version": "vEL8.40"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL8.60 prior to vEL8.60.2347 (MR6),\u003c/span\u003e\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T05:39:07.574Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Competency access levels not enforced in the server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-25074",
"datePublished": "2023-07-24T23:05:24.657Z",
"dateReserved": "2023-02-03T20:38:05.215Z",
"dateUpdated": "2024-10-17T13:04:13.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22428 (GCVE-0-2023-22428)
Vulnerability from nvd – Published: 2023-07-24 22:44 – Updated: 2024-10-17 13:03
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.
Severity ?
7.6 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:25.608720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:03:53.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T22:44:15.816Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22428",
"datePublished": "2023-07-24T22:44:15.816Z",
"dateReserved": "2023-02-03T20:38:05.249Z",
"dateUpdated": "2024-10-17T13:03:53.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26348 (GCVE-0-2022-26348)
Vulnerability from nvd – Published: 2022-07-06 16:29 – Updated: 2024-08-03 05:03
VLAI?
Summary
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
Severity ?
8.2 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.20
(custom)
Affected: 8.60 , < 8.60.1652 (custom) Affected: 8.50 , < 8.50.2245 (custom) Affected: 8.40 , < 8.40.2216 (custom) Affected: 8.30 , < 8.30.1470 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.60.1652",
"status": "affected",
"version": "8.60",
"versionType": "custom"
},
{
"lessThan": "8.50.2245",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2216",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1470",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T16:29:59",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2022-26348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.60",
"version_value": "8.60.1652"
},
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2245"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2216"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1470"
},
{
"version_affected": "\u003c=",
"version_value": "8.20"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2022-26348",
"datePublished": "2022-07-06T16:29:59",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23193 (GCVE-0-2021-23193)
Vulnerability from nvd – Published: 2021-11-18 18:02 – Updated: 2024-09-17 02:46
VLAI?
Summary
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.10
(custom)
Affected: 8.50 , < 8.50.2048 (MR3) (custom) Affected: 8.40 , < 8.40.2063 (MR4) (custom) Affected: 8.30 , < 8.30.1454 (MR4) (custom) Affected: 8.20 , < 8.20.1291 (MR6) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2063 (MR4)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1454 (MR4)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1291 (MR6)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:02:43",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2063 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1454 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1291 (MR6)"
},
{
"version_affected": "\u003c=",
"version_value": "8.10"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23193",
"datePublished": "2021-11-18T18:02:43.319367Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-17T02:46:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23197 (GCVE-0-2021-23197)
Vulnerability from nvd – Published: 2021-11-18 18:01 – Updated: 2024-09-16 18:17
VLAI?
Summary
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;
Severity ?
5.2 (Medium)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.50 , < 8.50.2048 (MR3)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:01:52",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23197",
"datePublished": "2021-11-18T18:01:52.750598Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-16T18:17:45.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23167 (GCVE-0-2021-23167)
Vulnerability from nvd – Published: 2021-11-18 18:00 – Updated: 2024-09-17 02:05
VLAI?
Summary
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.20
(custom)
Affected: 8.50 , < 8.50.2048 (MR3) (custom) Affected: 8.40 , < 8.40.2063 (MR4) (custom) Affected: 8.30 , < 8.30.1454 (MR4) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.50.2048 (MR3)",
"status": "affected",
"version": "8.50",
"versionType": "custom"
},
{
"lessThan": "8.40.2063 (MR4)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1454 (MR4)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T18:00:40",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"DATE_PUBLIC": "2021-11-15T07:34:00.000Z",
"ID": "CVE-2021-23167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.50",
"version_value": "8.50.2048 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.2063 (MR4)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1454 (MR4)"
},
{
"version_affected": "\u003c=",
"version_value": "8.20"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23167",
"datePublished": "2021-11-18T18:00:40.281044Z",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-09-17T02:05:57.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23230 (GCVE-0-2021-23230)
Vulnerability from nvd – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
Severity ?
9.9 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.00
(custom)
Affected: 8.40 , < 8.40.1888 (MR3) (custom) Affected: 8.30 , < 8.30.1359 (MR3) (custom) Affected: 8.20 , < 8.20.1259 (MR5) (custom) Affected: 8.10 , < 8.10.1284 (MR7) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1259 (MR5)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
},
{
"lessThan": "8.10.1284 (MR7)",
"status": "affected",
"version": "8.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1259 (MR5)"
},
{
"version_affected": "\u003c",
"version_name": "8.10",
"version_value": "8.10.1284 (MR7)"
},
{
"version_affected": "\u003c=",
"version_value": "8.00"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23230",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23204 (GCVE-0-2021-23204)
Vulnerability from nvd – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).
Severity ?
8.1 (High)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.40 , < 8.40.1888 (MR3)
(custom)
Affected: 8.30 , < 8.30.1359 (MR3) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23204",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:54.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23205 (GCVE-0-2021-23205)
Vulnerability from nvd – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
Severity ?
8.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 8.10
(custom)
Affected: 8.40 , < 8.40.1888 (MR3) (custom) Affected: 8.30 , < 8.30.1359 (MR3) (custom) Affected: 8.20 , < 8.20.1259 (MR5) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
},
{
"lessThan": "8.30.1359 (MR3)",
"status": "affected",
"version": "8.30",
"versionType": "custom"
},
{
"lessThan": "8.20.1259 (MR5)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.30",
"version_value": "8.30.1359 (MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1259 (MR5)"
},
{
"version_affected": "\u003c=",
"version_value": "8.10"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23205",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23182 (GCVE-0-2021-23182)
Vulnerability from nvd – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.30
Affected: 8.40 , < 8.40.1888 (MR3) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"status": "affected",
"version": "8.30"
},
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
},
{
"version_affected": "=",
"version_value": "8.30"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-316"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23182",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23211 (GCVE-0-2021-23211)
Vulnerability from nvd – Published: 2021-06-11 15:46 – Updated: 2024-08-03 19:05
VLAI?
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
Severity ?
6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
8.40 , < 8.40.1888 (MR3)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "8.40.1888 (MR3)",
"status": "affected",
"version": "8.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:46:01",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2021-23211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.40",
"version_value": "8.40.1888 (MR3)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-316"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2021-23211",
"datePublished": "2021-06-11T15:46:01",
"dateReserved": "2021-01-26T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}