CVE-2023-46686

HIGH Year: 2023
CVSS v3 Score
7.1
High
Weakness Type
CWE-807
View all →

Vulnerability Description

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

Related Vulnerabilities

CVE-2024-51561

CRITICAL
CVSS:7.5(High)

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting...

CWE-8072024

CVE-2023-0009

HIGH
CVSS:7.8(High)

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

CWE-8072023

CVE-2021-29479

MEDIUM
CVSS:6.1(Medium)

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if...

CWE-8072021

CVE-2022-24400

MEDIUM
CVSS:5.9(Medium)

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

CWE-8072022

CVE-2024-21510

MEDIUM
CVSS:5.4(Medium)

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect ...

CWE-8072024

CVE-2021-31999

HIGH
CVSS:8.8(High)

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group...

CWE-8072021