CVE-2023-22428

Title: Improper privilege validation allows Division lineage modification

Severity: High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Components affected: Command Centre Server

Version of Command Centre affected:  8.80 prior to vEL8.80.1192 (MR2), 8.70 prior to 8.70.2185 (MR4); 8.60 prior to 8.60.2347 (MR6); 8.50 prior to 8.50.2831 (MR8); all versions of 8.40 and prior.

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability:  Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects: Gallagher Command Centre 8.80 versions prior to vEL8.80.1192 (MR2), 8.70 prior to 8.70.2185 (MR4); 8.60 prior to 8.60.2347 (MR6); 8.50 prior to 8.50.2831 (MR8); version 8.40 and prior versions.

Mitigation: None

Maintenance releases are now available for:

• v8.80 - v8.80.1192 (MR2)
• v8.70 - v8.70.2185 (MR4)
• v8.60 - v8.60.2347 (MR6)
• v8.50 - v8.50.2831 (MR8)

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.