NVD:CVE-2023-23584
Dec 18, 2023 - 10:15 p.m.

CVE-2023-23584

2023-12-18 22:15:08
CWE-204
CWE-203
web.nvd.nist.gov
gallagher command centre
api security
observable response discrepancy
unviewable items

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.0004 Low
Percentile: 14.1%

An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.

This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.

Affected configurations

NVD
Node
gallagher command_centre, Range 8.50
OR
gallagher command_centre, Range 8.60 to 8.60.2039
OR
gallagher command_centre, Range 8.70 to 8.70.1787
