CVE-2021-23193
18.11.2021, 19:15
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
Vendor | Product | Version |
---|---|---|
gallagher | command_centre | 𝑥 ≤ 8.10 |
gallagher | command_centre | 8.20 ≤ 𝑥 < 8.20.1291 |
gallagher | command_centre | 8.30 ≤ 𝑥 < 8.30.1454 |
gallagher | command_centre | 8.40 ≤ 𝑥 < 8.40.2063 |
gallagher | command_centre | 8.50 ≤ 𝑥 < 8.50.2048 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.