CVE-2023-22428
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), vEL8.40 and prior.
Title: Improper privilege validation allows Division lineage modification
Severity: High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Components affected: Command Centre Server
Version of Command Centre affected: 8.80 prior to vEL8.80.1192 (MR2); 8.70 prior to 8.70.2185 (MR4); 8.60 prior to 8.60.2347 (MR6); 8.50 prior to 8.50.2831 (MR8); all versions of 8.40 and prior.
Reported by: Gallagher Internal
Active exploitation of vulnerability*: No
Description of vulnerability: Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Gallagher Command Centre: 8.80 versions prior to vEL8.80.1192 (MR2); 8.70 prior to 8.70.2185 (MR4); 8.60 prior to 8.60.2347 (MR6); 8.50 prior to 8.50.2831 (MR8); version 8.40 and prior versions.
Mitigation: None
Maintenance releases are now available for:
- v8.80 - v8.80.1192 (MR2)
- v8.70 - v8.70.2185 (MR4)
- v8.60 - v8.60.2347 (MR6)
- v8.50 - v8.50.2831 (MR8)
*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.