CVE-2024-21815

EPSS 0.1%
Veröffentlicht 05.03.2024 03:15:06
Zuletzt bearbeitet 10.02.2025 22:36:41
Quelle disclosures@gallagher.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. 

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gallagher ≫ Command Centre Version <= 8.60

Gallagher ≫ Command Centre Version >= 8.70 < 8.70.2526

Gallagher ≫ Command Centre Version >= 8.80 < 8.80.1526

Gallagher ≫ Command Centre Version >= 8.90 < 8.90.1751

Gallagher ≫ Command Centre Version >= 9.00 < 9.00.1774

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
disclosures@gallagher.com	9.1	3.1	5.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://security.gallagher.com/Security-Advisories/CVE-2024-21815

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21815

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-21815