Lucene search

[email protected]NVD:CVE-2023-22428

HistoryJul 24, 2023 - 11:15 p.m.

CVE-2023-22428

2023-07-2423:15:11

CWE-285

[email protected]

web.nvd.nist.gov

improper privilege validation

command centre server

division lineage modification

vel8.40

vel8.50

vel8.60

vel8.70

vel8.80.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.

This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.

Affected configurations

NVD

Node

gallaghercommand_centreRange≤8.40.2216

gallaghercommand_centreRange8.50–8.50.2831

gallaghercommand_centreRange8.60–8.60.2347

gallaghercommand_centreRange8.70–8.70.2185

gallaghercommand_centreRange8.80–8.80.1192

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for NVD:CVE-2023-22428

cvelist1 prion1 cve1