CVE-2021-23197

Severity CVSS v4.0:
Pending analysis
Type:
CWE-428 Unquoted Search Path or Element
Publication date:
18/11/2021
Last modified:
23/11/2021

Description

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:* 8.50 (including) 8.50.2048 (excluding)


References to Advisories, Solutions, and Tools