PT-2023-19060 · Gallagher · Gallagher Command Centre
Published
2023-12-18
·
Updated
2024-01-05
·
CVE-2023-23584
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre versions 8.50 and prior
Gallagher Command Centre versions 8.60 prior to vEL8.60.2039 (MR4)
Gallagher Command Centre versions 8.70 prior to vEL8.70.1787 (MR2)
Description
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
Recommendations
For Gallagher Command Centre version 8.50 and prior, update to a version later than the affected range.
For Gallagher Command Centre version 8.60, update to vEL8.60.2039 (MR4) or later.
For Gallagher Command Centre version 8.70, update to vEL8.70.1787 (MR2) or later.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gallagher Command Centre