PT-2024-29930 · Gallagher · Gallagher Command Centre Server
Published
2024-12-12
·
Updated
2024-12-12
·
CVE-2024-42407
CVSS v3.1
8.5
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre Server versions 8.80 and prior
Gallagher Command Centre Server versions 8.90 through 8.90.2356
Gallagher Command Centre Server versions 9.00 through 9.00.2374
Gallagher Command Centre Server versions 9.10 through 9.10.2149
Description
The issue allows an authenticated Operator to view some security-sensitive information to which they have not been granted access due to the insertion of sensitive information into log files.
Recommendations
For versions 8.80 and prior, update to a version later than 8.80.
For versions 8.90 through 8.90.2356, update to version 8.90.2356 or later.
For versions 9.00 through 9.00.2374, update to version 9.00.2374 or later.
For versions 9.10 through 9.10.2149, update to version 9.10.2149 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gallagher Command Centre Server