Lucene search

[email protected]NVD:CVE-2023-25074

HistoryJul 25, 2023 - 12:15 a.m.

CVE-2023-25074

2023-07-2500:15:09

CWE-285

[email protected]

web.nvd.nist.gov

improper privilege validation

unprivileged operators

modify competencies

command centre server

vel8.90

vel8.80

vel8.70

vel8.60

vel8.50

vel8.40

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

21.6%

JSON

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.

This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4),

vEL8.60 prior to vEL8.60.2347 (MR6),

vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.

Affected configurations

Nvd

Node

gallaghercommand_centreRange≤8.40.2216

gallaghercommand_centreRange8.50–8.50.2831

gallaghercommand_centreRange8.60–8.60.2347

gallaghercommand_centreRange8.70–8.70.2185

gallaghercommand_centreRange8.80–8.80.1192

gallaghercommand_centreRange8.90–8.90.1318

VendorProductVersionCPE
gallaghercommand_centre*cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gallagher	command_centre	*	cpe:2.3:a:gallagher:command_centre::::::::

References

security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

21.6%

JSON

Related for NVD:CVE-2023-25074

cvelist1 cve1 prion1