CVE-2024-23194

July 11, 2024, 1:05 p.m.

3.3
Low

Description

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

Product(s) Impacted

Product Versions
Gallagher Command Centre
  • ['9.10', 'prior to vEL9.10.1268 (MR1)']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-117
Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.

References

https://security.gallagher.com/Security-Advisories/CVE-2024-23194

Tags

CWE-117
2024-07-11
disclosures@gallagher.com
CVE-2024-23194

CVSS Score

3.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: July 11, 2024, 3:15 a.m.
Last Modified: July 11, 2024, 1:05 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosures@gallagher.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.