PT-2026-43004 · Gallagher · Active Directory Sync and 13 other products
Published: 2026-05-25 · Updated: 2026-05-25
CVE-2026-25193
CVSS v3.1: 8.1 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.
Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.
Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
Fix
Insertion into Log File
Affected Products
Active Directory Sync
Cardholder Sync Utility
Command Centre Server
Diagnostics Service
Elevator Service
Encoding Kiosk Application
Entra Id Sync
Event Logger
Event Sync Utility
Middleware Framework
Nexudus Integration
Okta Sync
Papercut Interface Integration
Sip Integration