CVE-2021-23136

Published: Jun 11, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Affected (4)

Products: Gallagher: Command Centre

Gallagher

1 product

Command Centre

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Gallagher Command Centre	Up to 8.10
Gallagher Command Centre	From 8.20 to 8.20.1259
Gallagher Command Centre	From 8.30 to 8.30.1359
Gallagher Command Centre	From 8.40 to 8.40.1888

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://security.gallagher.com/Security-Advisories/CVE-2021-23136

Source: disclosures@gallagher.com

Vendor Advisory

https://security.gallagher.com/Security-Advisories/CVE-2021-23136

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.