History: Dec 18, 2023 - 9:59 p.m.

CVE-2023-23584

2023-12-18 21:59:58
CWE-204
Gallagher
www.cve.org
observable response discrepancy
unauthorized access
gallagher command centre
restapi
security vulnerability

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 5
Confidence: High

EPSS: 0
Percentile: 14.0%

An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently privileged user to infer the presence of items that would not otherwise be viewable.

This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Command Centre Server",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.50",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.70.1787 (MR2)",
        "status": "affected",
        "version": "8.70",
        "versionType": "custom"
      },
      {
        "lessThan": "8.60.2039 (MR4)",
        "status": "affected",
        "version": "8.60",
        "versionType": "custom"
      }
    ]
  }
]
