CVE-2021-23182

EPSS 0.03%
Veröffentlicht 11.06.2021 16:15:12
Zuletzt bearbeitet 21.11.2024 05:51:20
Quelle disclosures@gallagher.com
CVE-Watchlists
Login
Unerledigt
Login

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gallagher ≫ Command Centre Version >= 8.30 < 8.40.1888

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.044

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
disclosures@gallagher.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-316 Cleartext Storage of Sensitive Information in Memory

The product stores sensitive information in cleartext in memory.

https://security.gallagher.com/Security-Advisories/CVE-2021-23182

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23182

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23182

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23182

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-23182