CVE-2023-23568

Summary

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.

This issue affects Command Centre: vEL

8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),

vEL8.70 prior to

vEL8.70.2185 (MR4),

vEL8.60 prior to

vEL8.60.2347 (MR6),

vEL8.50 prior to

vEL8.50.2831 (MR8), all versions

vEL8.40 and prior

Affected Software

VendorProductVersion RangeStatus
GallagherCommand CentrevEL8.90 < 1318affected
GallagherCommand CentrevEL8.80 < 1192affected
GallagherCommand CentrevEL8.70 < 2185affected
GallagherCommand CentrevEL8.60 < 2347affected
GallagherCommand CentrevEL8.50 < 2831affected
GallagherCommand CentrevEL8.40affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References