Search criteria
111 vulnerabilities found for command_centre by gallagher
FKIE_CVE-2024-21838
Vulnerability from fkie_nvd - Published: 2024-03-05 03:15 - Updated: 2025-02-10 22:33
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CB4E79-0153-4DB1-BE98-91A39FB06C5A",
"versionEndIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA675A52-8CC9-4A20-8EB1-7A066FB8E3C0",
"versionEndExcluding": "8.70.2526",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCEEB9A-DB54-4FFB-A596-29E7329958F3",
"versionEndExcluding": "8.80.1526",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5770EF66-119E-414B-9188-53D5935D8CFC",
"versionEndExcluding": "8.90.1751",
"versionStartIncluding": "8.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC849EB3-3967-4018-B28E-83C39E99BB6A",
"versionEndExcluding": "9.00.1774",
"versionStartIncluding": "9.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales en la salida (CWE-74) utilizados por la funci\u00f3n de generaci\u00f3n de correo electr\u00f3nico de Command Centre Server podr\u00eda provocar la inyecci\u00f3n de c\u00f3digo HTML en los correos electr\u00f3nicos generados por Command Center. Este problema afecta a: Gallagher Command Center 9.00 anterior a vEL9.00.1774 (MR2), 8.90 anterior a vEL8.90.1751 (MR3), 8.80 anterior a vEL8.80.1526 (MR4), 8.70 anterior a vEL8.70.2526 (MR6), todas las versiones de 8.60 y anteriores."
}
],
"id": "CVE-2024-21838",
"lastModified": "2025-02-10T22:33:35.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-05T03:15:06.280",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-21815
Vulnerability from fkie_nvd - Published: 2024-03-05 03:15 - Updated: 2025-02-10 22:36
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CB4E79-0153-4DB1-BE98-91A39FB06C5A",
"versionEndIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA675A52-8CC9-4A20-8EB1-7A066FB8E3C0",
"versionEndExcluding": "8.70.2526",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCEEB9A-DB54-4FFB-A596-29E7329958F3",
"versionEndExcluding": "8.80.1526",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5770EF66-119E-414B-9188-53D5935D8CFC",
"versionEndExcluding": "8.90.1751",
"versionStartIncluding": "8.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC849EB3-3967-4018-B28E-83C39E99BB6A",
"versionEndExcluding": "9.00.1774",
"versionStartIncluding": "9.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
},
{
"lang": "es",
"value": "Las credenciales insuficientemente protegidas (CWE-522) para integraciones de DVR de terceros al Command Center Server son accesibles para usuarios autenticados pero sin privilegios. Este problema afecta a: Gallagher Command Center 9.00 anterior a vEL9.00.1774 (MR2), 8.90 anterior a vEL8.90.1751 (MR3), 8.80 anterior a vEL8.80.1526 (MR4), 8.70 anterior a vEL8.70.2526 (MR6), todas las versiones de 8.60 y anteriores."
}
],
"id": "CVE-2024-21815",
"lastModified": "2025-02-10T22:36:41.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-05T03:15:06.060",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-23576
Vulnerability from fkie_nvd - Published: 2023-12-18 22:15 - Updated: 2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786",
"versionEndIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54586395-20DD-4AB8-8C2A-26870B1522A2",
"versionEndExcluding": "8.60.2550",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E787E1B-4152-4F45-8E6E-1761938E48A3",
"versionEndExcluding": "8.70.2375",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6091751E-0326-445F-ABFF-09BE6D3543BF",
"versionEndExcluding": "8.80.1369",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0605C7-4DC1-4F63-9987-D3320AC4D6A5",
"versionEndExcluding": "8.90.1620",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"
},
{
"lang": "es",
"value": "El orden de comportamiento incorrecto en Command Center Server podr\u00eda permitir que los usuarios privilegiados obtengan acceso f\u00edsico al sitio durante m\u00e1s tiempo del previsto despu\u00e9s de una interrupci\u00f3n de la red cuando se utilizan competencias en la decisi\u00f3n de acceso. Este problema afecta a: Gallagher Command Center: 8.90 anterior a vEL8.90.1620 (MR2), 8.80 anterior a vEL8.80.1369 (MR3), 8.70 anterior a vEL8.70.2375 (MR5), 8.60 anterior a vEL8.60.2550 (MR7), todas las versiones de 8.50 y anteriores."
}
],
"id": "CVE-2023-23576",
"lastModified": "2024-11-21T07:46:27.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T22:15:08.210",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-696"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-46686
Vulnerability from fkie_nvd - Published: 2023-12-18 22:15 - Updated: 2024-11-21 08:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | 9.00.1507 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D",
"versionEndExcluding": "9.00.1507",
"versionStartIncluding": "9.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*",
"matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"
},
{
"lang": "es",
"value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))."
}
],
"id": "CVE-2023-46686",
"lastModified": "2024-11-21T08:29:04.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T22:15:08.967",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-807"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-23570
Vulnerability from fkie_nvd - Published: 2023-12-18 22:15 - Updated: 2024-11-21 07:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5386B5-7245-4F42-A0F9-10FBC8854D19",
"versionEndIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0605C7-4DC1-4F63-9987-D3320AC4D6A5",
"versionEndExcluding": "8.90.1620",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de seguridad del lado del servidor para el servidor Command Center por parte del cliente podr\u00eda omitirse y dar lugar a una configuraci\u00f3n no v\u00e1lida con un comportamiento indefinido. Este problema afecta: Gallagher Command Center 8.90 anterior a vEL8.90.1620 (MR2), todas las versiones 8.80 y anteriores."
}
],
"id": "CVE-2023-23570",
"lastModified": "2024-11-21T07:46:26.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T22:15:08.020",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-602"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-23584
Vulnerability from fkie_nvd - Published: 2023-12-18 22:15 - Updated: 2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786",
"versionEndIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20DE4B8C-B06D-4A8E-A608-CCCC7DC60A22",
"versionEndExcluding": "8.60.2039",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03086229-3EDC-4DE2-8B53-9F7CA574D0CF",
"versionEndExcluding": "8.70.1787",
"versionStartIncluding": "8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n"
},
{
"lang": "es",
"value": "Una discrepancia de respuesta observable en la API REST de Gallagher Command Centre permite a un usuario sin privilegios suficientes inferir la presencia de elementos que de otro modo no ser\u00edan visibles. Este problema afecta: Gallagher Command Center 8.70 anterior a vEL8.70.1787 (MR2), 8.60 anterior a vEL8.60.2039 (MR4), todas las versiones de 8.50 y anteriores."
}
],
"id": "CVE-2023-23584",
"lastModified": "2024-11-21T07:46:28.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T22:15:08.407",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22439
Vulnerability from fkie_nvd - Published: 2023-12-18 22:15 - Updated: 2024-11-21 07:44
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.
This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3183049E-D5F5-416E-B5B6-140B02510BC0",
"versionEndIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "162DF4B0-4F15-48D0-9D67-2AD509FD1FAD",
"versionEndExcluding": "8.60.231116a",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30EEB0FF-D2F2-47DA-9666-6532730B195F",
"versionEndExcluding": "8.70.231204a",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11F6F34-20E1-4BF8-BA36-819F2B153320",
"versionEndExcluding": "8.80.231204a",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715CA029-60DF-422B-90BA-C806DCE041FC",
"versionEndExcluding": "8.90.231204a",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786",
"versionEndIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "189BCB50-4E9F-4E0B-B03F-D703BD14B6C9",
"versionEndExcluding": "8.60.231116a",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63286868-84A7-492C-8F48-E0FB883C5666",
"versionEndExcluding": "8.70.231204a",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DE400E-2C3D-485C-8C8E-DA79BC155E7F",
"versionEndExcluding": "8.80.231204a",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14A61AE2-E3D1-4BEE-B5E1-361E6E0A617E",
"versionEndExcluding": "8.90.231204a",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:gallagher:controller_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F7F6A6-8F69-45C1-A59D-D9FB3FD0C1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n"
},
{
"lang": "es",
"value": "Se puede utilizar una validaci\u00f3n de entrada incorrecta de una solicitud HTTP grande en la interfaz web de diagn\u00f3stico opcional de Controller 6000 y Controller 7000 (puerto 80) para realizar una denegaci\u00f3n de servicio de la interfaz web de diagn\u00f3stico. Este problema afecta a: \nGallagher Controller 6000 y 7000 8.90 antes de vCR8.90.231204a (distribuido en 8.90.1620 (MR2)), \n8.80 antes de vCR8.80.231204a (distribuido en 8.80.1369 (MR3)), \n8.70 antes de vCR8. 70.231204a (distribuido en 8.70.2375 (MR5)), \n8.60 antes de vCR8.60.231116a (distribuido en 8.60.2550 (MR7)), \ntodas las versiones de 8.50 y anteriores."
}
],
"id": "CVE-2023-22439",
"lastModified": "2024-11-21T07:44:48.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T22:15:07.807",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-23568
Vulnerability from fkie_nvd - Published: 2023-07-25 02:15 - Updated: 2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL
8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),
vEL8.70 prior to
vEL8.70.2185 (MR4),
vEL8.60 prior to
vEL8.60.2347 (MR6),
vEL8.50 prior to
vEL8.50.2831 (MR8), all versions
vEL8.40 and prior
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5",
"versionEndIncluding": "8.40.2216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037",
"versionEndExcluding": "8.50.2831",
"versionStartIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C",
"versionEndExcluding": "8.60.2347",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064",
"versionEndExcluding": "8.70.2185",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA",
"versionEndExcluding": "8.80.1192",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "110D9A0C-409D-4B1F-84B6-274B15D87CA3",
"versionEndExcluding": "8.90.1318",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"
}
],
"id": "CVE-2023-23568",
"lastModified": "2024-11-21T07:46:26.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T02:15:09.317",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22363
Vulnerability from fkie_nvd - Published: 2023-07-25 00:15 - Updated: 2024-11-21 07:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA",
"versionEndExcluding": "8.80.1192",
"versionStartIncluding": "8.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
}
],
"id": "CVE-2023-22363",
"lastModified": "2024-11-21T07:44:38.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T00:15:09.540",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25074
Vulnerability from fkie_nvd - Published: 2023-07-25 00:15 - Updated: 2024-11-21 07:49
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),
vEL8.60 prior to vEL8.60.2347 (MR6),
vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5",
"versionEndIncluding": "8.40.2216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037",
"versionEndExcluding": "8.50.2831",
"versionStartIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C",
"versionEndExcluding": "8.60.2347",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064",
"versionEndExcluding": "8.70.2185",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA",
"versionEndExcluding": "8.80.1192",
"versionStartIncluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "110D9A0C-409D-4B1F-84B6-274B15D87CA3",
"versionEndExcluding": "8.90.1318",
"versionStartIncluding": "8.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
}
],
"id": "CVE-2023-25074",
"lastModified": "2024-11-21T07:49:03.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T00:15:09.637",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22428
Vulnerability from fkie_nvd - Published: 2023-07-24 23:15 - Updated: 2024-11-21 07:44
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * | |
| gallagher | command_centre | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5",
"versionEndIncluding": "8.40.2216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037",
"versionEndExcluding": "8.50.2831",
"versionStartIncluding": "8.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C",
"versionEndExcluding": "8.60.2347",
"versionStartIncluding": "8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064",
"versionEndExcluding": "8.70.2185",
"versionStartIncluding": "8.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA",
"versionEndExcluding": "8.80.1192",
"versionStartIncluding": "8.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n"
}
],
"id": "CVE-2023-22428",
"lastModified": "2024-11-21T07:44:47.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-24T23:15:11.230",
"references": [
{
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428"
}
],
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "disclosures@gallagher.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-21838 (GCVE-0-2024-21838)
Vulnerability from cvelistv5 – Published: 2024-03-05 03:11 – Updated: 2024-08-01 22:27
VLAI?
Summary
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
Severity ?
6.8 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.60
(custom)
Affected: 9.00 , < vEL9.00.1774 (MR2) (custom) Affected: 8.90 , < vEL8.90.1751 (MR3) (custom) Affected: 8.80 , < vEL8.80.1526 (MR4) (custom) Affected: 8.70 , < vEL8.70.2526 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:42:22.095197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:11.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher ",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.1774 (MR2)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.1751 (MR3)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1526 (MR4)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vEL8.70.2526",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites making use of Command Centre to send emails are affected. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOnly sites making use of Command Centre to send emails are affected. \n\n\n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T03:11:55.586Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-21838",
"datePublished": "2024-03-05T03:11:55.586Z",
"dateReserved": "2024-02-05T04:16:47.986Z",
"dateUpdated": "2024-08-01T22:27:36.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21815 (GCVE-0-2024-21815)
Vulnerability from cvelistv5 – Published: 2024-03-05 03:09 – Updated: 2024-08-01 22:27
VLAI?
Summary
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
Severity ?
9.1 (Critical)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.60
(custom)
Affected: 9.00 , < vEL9.00.1774 (MR2) (custom) Affected: 8.90 , < vEL8.90.1751 (MR3) (custom) Affected: 8.80 , < vEL8.80.1526 (MR4) (custom) Affected: 8.70 , < vEL8.70.2526 (MR6) (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:09:09.796526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:15.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.1774 (MR2)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.1751 (MR3)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1526 (MR4)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vEL8.70.2526 (MR6)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites with DVR integrations are affected. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOnly sites with DVR integrations are affected. \n\n\n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T03:09:52.505Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-21815",
"datePublished": "2024-03-05T03:09:52.505Z",
"dateReserved": "2024-02-05T04:16:48.019Z",
"dateUpdated": "2024-08-01T22:27:36.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46686 (GCVE-0-2023-46686)
Vulnerability from cvelistv5 – Published: 2023-12-18 22:01 – Updated: 2024-10-01 15:59
VLAI?
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
Severity ?
5.5 (Medium)
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Diagnostics Service |
Affected:
0 , ≤ 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T20:59:49.981191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:59:10.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Diagnostics Service",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA reliance on untrusted inputs in a security decision could be exploited by a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprivileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T22:01:03.342Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-46686",
"datePublished": "2023-12-18T22:01:03.342Z",
"dateReserved": "2023-11-01T22:24:52.286Z",
"dateUpdated": "2024-10-01T15:59:10.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23584 (GCVE-0-2023-23584)
Vulnerability from cvelistv5 – Published: 2023-12-18 21:59 – Updated: 2024-08-02 10:35
VLAI?
Summary
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.
Severity ?
4.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.70 , < 8.70.1787 (MR2) (custom) Affected: 8.60 , < 8.60.2039 (MR4) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.70.1787 (MR2)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "8.60.2039 (MR4)",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:58.271Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23584",
"datePublished": "2023-12-18T21:59:58.271Z",
"dateReserved": "2023-02-03T20:38:05.261Z",
"dateUpdated": "2024-08-02T10:35:33.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23576 (GCVE-0-2023-23576)
Vulnerability from cvelistv5 – Published: 2023-12-18 21:59 – Updated: 2024-08-02 10:35
VLAI?
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
Severity ?
4.3 (Medium)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.90 , < 8.90.1620 (MR2) (custom) Affected: 8.80 , < 8.80.1369 (MR3) (custom) Affected: 8.70 , < 8.70.2375 (MR5) (custom) Affected: 8.60 , < 8.60.2550 (MR7) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "8.80.1369 (MR3)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "8.70.2375 (MR5)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "8.60.2550 (MR7)",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696: Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:38.164Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23576",
"datePublished": "2023-12-18T21:59:38.164Z",
"dateReserved": "2023-02-03T20:38:05.225Z",
"dateUpdated": "2024-08-02T10:35:33.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23570 (GCVE-0-2023-23570)
Vulnerability from cvelistv5 – Published: 2023-12-18 21:59 – Updated: 2024-11-27 20:27
VLAI?
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
Severity ?
5.4 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
0 , ≤ 8.80
(custom)
Affected: 8.90 , ≤ 8.90.1620 (MR2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T20:27:10.315759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T20:27:18.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1620 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.80 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:16.732Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23570",
"datePublished": "2023-12-18T21:59:16.732Z",
"dateReserved": "2023-02-03T20:38:05.220Z",
"dateUpdated": "2024-11-27T20:27:18.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22439 (GCVE-0-2023-22439)
Vulnerability from cvelistv5 – Published: 2023-12-18 21:58 – Updated: 2024-08-02 10:07
VLAI?
Summary
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.
This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Controller 6000/ Controller 7000 |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.90 , < vCR8.90.231204a (custom) Affected: 8.80 , < vCR8.80.231204a (custom) Affected: 8.70 , < vCR8.70.231204a (custom) Affected: 8.60 , < vCR8.60.231116a (custom) |
Credits
Sebastian Toscano of Amazon Security
Kevin Schaller of Amazon Security
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller 6000/ Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR8.90.231204a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vCR8.80.231204a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vCR8.70.231204a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "vCR8.60.231116a",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Toscano of Amazon Security"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kevin Schaller of Amazon Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eoptional\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ediagnostic web interface (Port 80)\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan be used to perform a Denial of Service of the diagnostic web interface.\u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:58:41.026Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22439",
"datePublished": "2023-12-18T21:58:41.026Z",
"dateReserved": "2023-02-03T20:38:05.234Z",
"dateUpdated": "2024-08-02T10:07:06.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23568 (GCVE-0-2023-23568)
Vulnerability from cvelistv5 – Published: 2023-07-25 01:31 – Updated: 2024-10-17 13:05
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL
8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),
vEL8.70 prior to
vEL8.70.2185 (MR4),
vEL8.60 prior to
vEL8.60.2347 (MR6),
vEL8.50 prior to
vEL8.50.2831 (MR8), all versions
vEL8.40 and prior
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.90 , < 1318
(custom)
Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:07.162966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:05:39.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T01:31:59.175Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23568",
"datePublished": "2023-07-25T01:31:59.175Z",
"dateReserved": "2023-02-03T20:38:05.273Z",
"dateUpdated": "2024-10-17T13:05:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22363 (GCVE-0-2023-22363)
Vulnerability from cvelistv5 – Published: 2023-07-24 23:09 – Updated: 2024-10-17 13:04
VLAI?
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:12.969143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:52.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\u003c/p\u003e"
}
],
"value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T23:09:14.127Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Access Zone stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22363",
"datePublished": "2023-07-24T23:09:14.127Z",
"dateReserved": "2023-02-03T20:38:05.254Z",
"dateUpdated": "2024-10-17T13:04:52.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25074 (GCVE-0-2023-25074)
Vulnerability from cvelistv5 – Published: 2023-07-24 23:05 – Updated: 2024-10-17 13:04
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),
vEL8.60 prior to vEL8.60.2347 (MR6),
vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
Severity ?
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.40
Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.90 , < 1318 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:44.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:17.838609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:13.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"status": "affected",
"version": "vEL8.40"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL8.60 prior to vEL8.60.2347 (MR6),\u003c/span\u003e\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T05:39:07.574Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Competency access levels not enforced in the server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-25074",
"datePublished": "2023-07-24T23:05:24.657Z",
"dateReserved": "2023-02-03T20:38:05.215Z",
"dateUpdated": "2024-10-17T13:04:13.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21838 (GCVE-0-2024-21838)
Vulnerability from nvd – Published: 2024-03-05 03:11 – Updated: 2024-08-01 22:27
VLAI?
Summary
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
Severity ?
6.8 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.60
(custom)
Affected: 9.00 , < vEL9.00.1774 (MR2) (custom) Affected: 8.90 , < vEL8.90.1751 (MR3) (custom) Affected: 8.80 , < vEL8.80.1526 (MR4) (custom) Affected: 8.70 , < vEL8.70.2526 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:42:22.095197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:11.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher ",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.1774 (MR2)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.1751 (MR3)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1526 (MR4)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vEL8.70.2526",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites making use of Command Centre to send emails are affected. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOnly sites making use of Command Centre to send emails are affected. \n\n\n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T03:11:55.586Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-21838",
"datePublished": "2024-03-05T03:11:55.586Z",
"dateReserved": "2024-02-05T04:16:47.986Z",
"dateUpdated": "2024-08-01T22:27:36.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21815 (GCVE-0-2024-21815)
Vulnerability from nvd – Published: 2024-03-05 03:09 – Updated: 2024-08-01 22:27
VLAI?
Summary
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
Severity ?
9.1 (Critical)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.60
(custom)
Affected: 9.00 , < vEL9.00.1774 (MR2) (custom) Affected: 8.90 , < vEL8.90.1751 (MR3) (custom) Affected: 8.80 , < vEL8.80.1526 (MR4) (custom) Affected: 8.70 , < vEL8.70.2526 (MR6) (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:09:09.796526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:15.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.1774 (MR2)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.1751 (MR3)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1526 (MR4)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vEL8.70.2526 (MR6)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites with DVR integrations are affected. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOnly sites with DVR integrations are affected. \n\n\n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T03:09:52.505Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-21815",
"datePublished": "2024-03-05T03:09:52.505Z",
"dateReserved": "2024-02-05T04:16:48.019Z",
"dateUpdated": "2024-08-01T22:27:36.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46686 (GCVE-0-2023-46686)
Vulnerability from nvd – Published: 2023-12-18 22:01 – Updated: 2024-10-01 15:59
VLAI?
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
Severity ?
5.5 (Medium)
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Diagnostics Service |
Affected:
0 , ≤ 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T20:59:49.981191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:59:10.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Diagnostics Service",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA reliance on untrusted inputs in a security decision could be exploited by a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprivileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T22:01:03.342Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-46686",
"datePublished": "2023-12-18T22:01:03.342Z",
"dateReserved": "2023-11-01T22:24:52.286Z",
"dateUpdated": "2024-10-01T15:59:10.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23584 (GCVE-0-2023-23584)
Vulnerability from nvd – Published: 2023-12-18 21:59 – Updated: 2024-08-02 10:35
VLAI?
Summary
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.
Severity ?
4.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.70 , < 8.70.1787 (MR2) (custom) Affected: 8.60 , < 8.60.2039 (MR4) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.70.1787 (MR2)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "8.60.2039 (MR4)",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:58.271Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23584",
"datePublished": "2023-12-18T21:59:58.271Z",
"dateReserved": "2023-02-03T20:38:05.261Z",
"dateUpdated": "2024-08-02T10:35:33.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23576 (GCVE-0-2023-23576)
Vulnerability from nvd – Published: 2023-12-18 21:59 – Updated: 2024-08-02 10:35
VLAI?
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
Severity ?
4.3 (Medium)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.90 , < 8.90.1620 (MR2) (custom) Affected: 8.80 , < 8.80.1369 (MR3) (custom) Affected: 8.70 , < 8.70.2375 (MR5) (custom) Affected: 8.60 , < 8.60.2550 (MR7) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "8.80.1369 (MR3)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "8.70.2375 (MR5)",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "8.60.2550 (MR7)",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696: Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:38.164Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23576",
"datePublished": "2023-12-18T21:59:38.164Z",
"dateReserved": "2023-02-03T20:38:05.225Z",
"dateUpdated": "2024-08-02T10:35:33.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23570 (GCVE-0-2023-23570)
Vulnerability from nvd – Published: 2023-12-18 21:59 – Updated: 2024-11-27 20:27
VLAI?
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
Severity ?
5.4 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
0 , ≤ 8.80
(custom)
Affected: 8.90 , ≤ 8.90.1620 (MR2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T20:27:10.315759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T20:27:18.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.90.1620 (MR2)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1620 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.80 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:59:16.732Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23570",
"datePublished": "2023-12-18T21:59:16.732Z",
"dateReserved": "2023-02-03T20:38:05.220Z",
"dateUpdated": "2024-11-27T20:27:18.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22439 (GCVE-0-2023-22439)
Vulnerability from nvd – Published: 2023-12-18 21:58 – Updated: 2024-08-02 10:07
VLAI?
Summary
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.
This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Controller 6000/ Controller 7000 |
Affected:
0 , ≤ 8.50
(custom)
Affected: 8.90 , < vCR8.90.231204a (custom) Affected: 8.80 , < vCR8.80.231204a (custom) Affected: 8.70 , < vCR8.70.231204a (custom) Affected: 8.60 , < vCR8.60.231116a (custom) |
Credits
Sebastian Toscano of Amazon Security
Kevin Schaller of Amazon Security
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller 6000/ Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.50",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR8.90.231204a",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vCR8.80.231204a",
"status": "affected",
"version": "8.80",
"versionType": "custom"
},
{
"lessThan": "vCR8.70.231204a",
"status": "affected",
"version": "8.70",
"versionType": "custom"
},
{
"lessThan": "vCR8.60.231116a",
"status": "affected",
"version": "8.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Toscano of Amazon Security"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kevin Schaller of Amazon Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eoptional\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ediagnostic web interface (Port 80)\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan be used to perform a Denial of Service of the diagnostic web interface.\u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\u003c/span\u003e\n\n"
}
],
"value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T21:58:41.026Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22439",
"datePublished": "2023-12-18T21:58:41.026Z",
"dateReserved": "2023-02-03T20:38:05.234Z",
"dateUpdated": "2024-08-02T10:07:06.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23568 (GCVE-0-2023-23568)
Vulnerability from nvd – Published: 2023-07-25 01:31 – Updated: 2024-10-17 13:05
VLAI?
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL
8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),
vEL8.70 prior to
vEL8.70.2185 (MR4),
vEL8.60 prior to
vEL8.60.2347 (MR6),
vEL8.50 prior to
vEL8.50.2831 (MR8), all versions
vEL8.40 and prior
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.90 , < 1318
(custom)
Affected: vEL8.80 , < 1192 (custom) Affected: vEL8.70 , < 2185 (custom) Affected: vEL8.60 , < 2347 (custom) Affected: vEL8.50 , < 2831 (custom) Affected: vEL8.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:07.162966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:05:39.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1318",
"status": "affected",
"version": "vEL8.90",
"versionType": "custom"
},
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
},
{
"lessThan": "2185",
"status": "affected",
"version": "vEL8.70",
"versionType": "custom"
},
{
"lessThan": "2347",
"status": "affected",
"version": "vEL8.60",
"versionType": "custom"
},
{
"lessThan": "2831",
"status": "affected",
"version": "vEL8.50",
"versionType": "custom"
},
{
"status": "affected",
"version": "vEL8.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T01:31:59.175Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-23568",
"datePublished": "2023-07-25T01:31:59.175Z",
"dateReserved": "2023-02-03T20:38:05.273Z",
"dateUpdated": "2024-10-17T13:05:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22363 (GCVE-0-2023-22363)
Vulnerability from nvd – Published: 2023-07-24 23:09 – Updated: 2024-10-17 13:04
VLAI?
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre |
Affected:
vEL8.80 , < 1192
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:01:12.969143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:04:52.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "1192",
"status": "affected",
"version": "vEL8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\u003c/p\u003e"
}
],
"value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T23:09:14.127Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Access Zone stack overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2023-22363",
"datePublished": "2023-07-24T23:09:14.127Z",
"dateReserved": "2023-02-03T20:38:05.254Z",
"dateUpdated": "2024-10-17T13:04:52.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}