CVE-2023-22428

Published: Jul 24, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.

Affected (5)

Products: Gallagher: Command Centre

Gallagher

1 product

Command Centre

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Gallagher Command Centre	Up to 8.40.2216
Gallagher Command Centre	From 8.50 to 8.50.2831
Gallagher Command Centre	From 8.60 to 8.60.2347
Gallagher Command Centre	From 8.70 to 8.70.2185
Gallagher Command Centre	From 8.80 to 8.80.1192

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428

Source: disclosures@gallagher.com

Vendor Advisory

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.