{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T17:16:39.448","vulnerabilities":[{"cve":{"id":"CVE-2024-21815","sourceIdentifier":"disclosures@gallagher.com","published":"2024-03-05T03:15:06.060","lastModified":"2025-02-10T22:36:41.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.\n\n\n\n"},{"lang":"es","value":"Las credenciales insuficientemente protegidas (CWE-522) para integraciones de DVR de terceros al Command Center Server son accesibles para usuarios autenticados pero sin privilegios. Este problema afecta a: Gallagher Command Center 9.00 anterior a vEL9.00.1774 (MR2), 8.90 anterior a vEL8.90.1751 (MR3), 8.80 anterior a vEL8.80.1526 (MR4), 8.70 anterior a vEL8.70.2526 (MR6), todas las versiones de 8.60 y anteriores."}],"metrics":{"cvssMetricV31":[{"source":"disclosures@gallagher.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosures@gallagher.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*","versionEndIncluding":"8.60","matchCriteriaId":"E6CB4E79-0153-4DB1-BE98-91A39FB06C5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*","versionStartIncluding":"8.70","versionEndExcluding":"8.70.2526","matchCriteriaId":"FA675A52-8CC9-4A20-8EB1-7A066FB8E3C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*","versionStartIncluding":"8.80","versionEndExcluding":"8.80.1526","matchCriteriaId":"6BCEEB9A-DB54-4FFB-A596-29E7329958F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*","versionStartIncluding":"8.90","versionEndExcluding":"8.90.1751","matchCriteriaId":"5770EF66-119E-414B-9188-53D5935D8CFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*","versionStartIncluding":"9.00","versionEndExcluding":"9.00.1774","matchCriteriaId":"AC849EB3-3967-4018-B28E-83C39E99BB6A"}]}]}],"references":[{"url":"https://security.gallagher.com/Security-Advisories/CVE-2024-21815","source":"disclosures@gallagher.com","tags":["Vendor Advisory"]},{"url":"https://security.gallagher.com/Security-Advisories/CVE-2024-21815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}