CVE-2023-23568

MEDIUM

Gallagher Command Centre < 8.40.2216 - Authenticated Privilege Escalation via Personal Data Fields

Title source: llm

Description

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior

References (1)

Core 1

Core References

Vendor Advisory

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 17.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (1)

gallagher/command_centre < 8.40.2216

Published Jul 25, 2023

Tracked Since Feb 18, 2026