3.3
CVE-2024-23194
- EPSS 0.15%
- Veröffentlicht 11.07.2024 03:15:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGallagher
≫
Produkt
Command Centre
Default Statusunaffected
Version
9.10
Version <
vEL9.10.1268
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.044 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosures@gallagher.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.
https://security.gallagher.com/Security-Advisories/CVE-2024-23194