CVE-2019-12492

Published: Jun 6, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability: 2.2 / Impact: 4.2

Source: NVD

Description

Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.

Affected (3)

Products: Gallagher: Command Centre

Gallagher

1 product

Command Centre

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gallagher Command Centre	Before 7.80.939
Gallagher Command Centre	From 7.90.0 to 7.90.961
Gallagher Command Centre	From 8.0 to 8.00.1128

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://security.gallagher.com/CVE-2019-12492

Source: cve@mitre.org

MitigationVendor Advisory

https://security.gallagher.com/security-advisories

Source: cve@mitre.org

Vendor Advisory

https://security.gallagher.com/CVE-2019-12492

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://security.gallagher.com/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.