CVE-2024-23194

LOW

Gallagher Command Centre <9.10.1268 - Info Disclosure

Title source: llm

Description

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

References (1)

[Various Sources] https://security.gallagher.com/Security-Advisories/CVE-2024-23194

Scores

CVSS v3 3.3

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-117

Status published

Products (1)

Gallagher/Command Centre 9.10 - vEL9.10.1268

Published Jul 11, 2024

Tracked Since Feb 18, 2026