CVE-2023-23568 - OpenCVE

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gallagher	Command Centre

Configuration 1 [-]

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::

No data.

References

Link	Providers
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568

History

No history.

MITRE

Status: PUBLISHED

Assigner: Gallagher

Published: 2023-07-25T01:31:59.175Z

Updated: 2024-08-02T10:35:33.024Z

Reserved: 2023-02-03T20:38:05.273Z

Link: CVE-2023-23568

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-25T02:15:09.317

Modified: 2023-08-01T20:00:27.187

Link: CVE-2023-23568

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23568", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2023-02-03T20:38:05.273Z", "datePublished": "2023-07-25T01:31:59.175Z", "dateUpdated": "2024-08-02T10:35:33.024Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2023-07-25T01:31:59.175Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "Gallagher", "product": "Command Centre", "versions": [{"status": "affected", "version": "vEL8.90", "lessThan": "1318", "versionType": "custom"}, {"status": "affected", "version": "vEL8.80", "lessThan": "1192", "versionType": "custom"}, {"status": "affected", "version": "vEL8.70", "lessThan": "2185", "versionType": "custom"}, {"status": "affected", "version": "vEL8.60", "lessThan": "2347", "versionType": "custom"}, {"status": "affected", "version": "vEL8.50", "lessThan": "2831", "versionType": "custom"}, {"status": "affected", "version": "vEL8.40"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n", "supportingMedia": [{"type": "text/html", "base64": false, "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.</span>\n\n<p>This issue affects Command Centre: vEL\n\n<span style=\"background-color: rgb(255, 255, 255);\">8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior</span>\n\n</p>"}]}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.024Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5", "versionEndIncluding": "8.40.2216", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037", "versionEndExcluding": "8.50.2831", "versionStartIncluding": "8.50", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C", "versionEndExcluding": "8.60.2347", "versionStartIncluding": "8.60", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064", "versionEndExcluding": "8.70.2185", "versionStartIncluding": "8.70", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA", "versionEndExcluding": "8.80.1192", "versionStartIncluding": "8.80", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "110D9A0C-409D-4B1F-84B6-274B15D87CA3", "versionEndExcluding": "8.90.1318", "versionStartIncluding": "8.90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n"}], "id": "CVE-2023-23568", "lastModified": "2023-08-01T20:00:27.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2023-07-25T02:15:09.317", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}