Improper Privilege Validation in Command Centre Server by Gallagher
CVE-2023-23568

4.3MEDIUM

Key Information:

Vendor: Gallagher
Status: Command Centre
Vendor: CVE Published:; 25 July 2023

What is CVE-2023-23568?

An improper privilege validation vulnerability in Gallagher's Command Centre Server allows authenticated, unprivileged operators to gain access to and modify sensitive Personal Data Fields. This flaw can lead to unauthorized viewing and manipulation of personal data, raising significant concerns regarding data privacy and security. Users should ensure they are using the updated versions of the Command Centre to mitigate these risks.

Affected Version(s)

Command Centre vEL8.90 < 1318

Command Centre vEL8.80 < 1192

Command Centre vEL8.70 < 2185

References

https://security.gallagher.com/en-NZ/Security-Advisories/...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2023
Vulnerability Reserved
Feb 3, 2023