CVE-2024-23194

Severity: Low CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Components affected: Command Centre Server

Version of Command Centre affected:  9.10 prior to vEL9.10.1268 (MR1)

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. 

This issue affects: 9.10 prior to vEL9.10.1268 (MR1)

Mitigation: Only sites which are using Gallagher Diagnostics Service with Command Centre v9.10.1005 are affected.

Maintenance releases are now available for:

v9.10 - v9.10.1268(MR1)

Important notes:

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.