CVE-2024-21838

Name of the Vulnerable Software and Affected Versions Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 (MR6) Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 (MR4) Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 (MR3) Gallagher Command Centre versions 9.00 prior to vEL9.00.1774 (MR2)

Description The issue is related to improper neutralization of special elements in output used by the email generation feature of the Command Centre Server, which could lead to HTML code injection in emails generated by Command Centre.

Recommendations For Gallagher Command Centre version 8.60 and prior, update to a version later than 8.60. For Gallagher Command Centre version 8.70 prior to vEL8.70.2526 (MR6), update to vEL8.70.2526 (MR6) or later. For Gallagher Command Centre version 8.80 prior to vEL8.80.1526 (MR4), update to vEL8.80.1526 (MR4) or later. For Gallagher Command Centre version 8.90 prior to vEL8.90.1751 (MR3), update to vEL8.90.1751 (MR3) or later. For Gallagher Command Centre version 9.00 prior to vEL9.00.1774 (MR2), update to vEL9.00.1774 (MR2) or later.