Command Centre API Diagnostics Endpoint vulnerable to Improper Output Neutralization (CWE-117)
CVE-2024-23194

3.3LOW

Key Information:

Vendor: Gallagher
Status: Command Centre
Vendor: CVE Published:; 11 July 2024

What is CVE-2024-23194?

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.

This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

Affected Version(s)

Command Centre 9.10

References

https://security.gallagher.com/Security-Advisories/CVE-20...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Feb 5, 2024