Competency access levels not enforced in the server
CVE-2023-25074

7.1 HIGH

Key Information:

Vendor: Gallagher
CVE Published: 25 July 2023

What is CVE-2023-25074?

The Command Centre Server by Gallagher suffers from an improper privilege validation issue, enabling authenticated users with insufficient privileges to modify and view competencies. This vulnerability may expose sensitive information and allow unauthorized changes, potentially compromising the integrity of the server's operations.

Affected Version(s)

Command Centre vEL8.40

Command Centre vEL8.50 < 2831

Command Centre vEL8.60 < 2347

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
