exploitDog

CVE-2024-21838

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

EPSS Низкий

Описание

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

Ссылки

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838
Vendor Advisory
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 8.60 (включая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.70 (включая) до 8.70.2526 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.80 (включая) до 8.80.1526 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.90 (включая) до 8.90.1751 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 9.00 (включая) до 9.00.1774 (исключая)

EPSS

Процентиль: 55%

0.0032

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-74

CWE-79

Связанные уязвимости

GHSA-jg3j-pgx3-878w

CVSS3: 6.8

github

почти 2 года назад

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

EPSS

Процентиль: 55%

0.0032

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-74

CWE-79