CVE Vulnerabilities

CVE-2020-16102

Improper Authentication

Published: Dec 14, 2020 | Modified: Nov 21, 2024
CVSS 3.x
8.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Command_centre Gallagher * 7.90.0 (excluding)
Command_centre Gallagher 8.00 (including) 8.00.1252 (excluding)
Command_centre Gallagher 8.10 (including) 8.10.1253 (excluding)
Command_centre Gallagher 8.20 (including) 8.20.1218 (excluding)
Command_centre Gallagher 8.30 (including) 8.30.1299 (excluding)
Command_centre Gallagher 8.00.1252 (including) 8.00.1252 (including)
Command_centre Gallagher 8.00.1252-maintenance_release7 (including) 8.00.1252-maintenance_release7 (including)
Command_centre Gallagher 8.10.1253 (including) 8.10.1253 (including)
Command_centre Gallagher 8.10.1253-maintenance_release6 (including) 8.10.1253-maintenance_release6 (including)
Command_centre Gallagher 8.20.1218 (including) 8.20.1218 (including)
Command_centre Gallagher 8.20.1218-maintenance_release4 (including) 8.20.1218-maintenance_release4 (including)
Command_centre Gallagher 8.30.1299 (including) 8.30.1299 (including)
Command_centre Gallagher 8.30.1299-maintenance_release2 (including) 8.30.1299-maintenance_release2 (including)

Potential Mitigations

References