Gallagher Command Centre Server Client-Side Enforcement Vulnerability Allowing Expired Competency Data Bypass

Vulnerability

Gallagher Command Centre Server is affected in versions 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), and all versions 9.00 and earlier. The weakness is client-side enforcement of server-side security (CWE-602): the validity of competency data, including its expiry, is checked in the client, and the server does not independently re-check what it is sent. A privileged operator can therefore submit invalid competency data that is stored without the expiry check being applied. Only sites that use competency expiries in access control decisions are affected.

Impact

A privileged operator who exploits this weakness can enter competency data that the expiry check never rejects. A cardholder whose competency has lapsed, or whose competency record is malformed, may then continue to be granted access that the competency rule should have withheld. The result is unauthorized access or privilege through a corrupted access-control decision; exploitation requires an operator account with the privilege to edit competency data.
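The pattern behind this class of weakness, as an added Python example that is not Gallagher's code and does not reflect the Command Centre data model or API: a vulnerable store that persists whatever the client submits and later reuses the client's own validity verdict, beside a hardened store that parses the expiry date strictly on write and recomputes expiry on every access decision, failing closed on anything it cannot parse. The class names, field names and the two sample competency records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


# Constructed model for illustration only; not Gallagher's schema or API.
@dataclass(frozen=True)
class CompetencySubmission:
    name: str
    expiry: str          # raw string exactly as the client sent it
    client_valid: bool   # validity verdict computed in the client UI


def parse_expiry(raw: str) -> date:
    """Strict server-side parse: only an ISO calendar date is accepted.
    Raises ValueError on anything else ('never', '31/12/2030', '')."""
    return date.fromisoformat(raw)


class VulnerableStore:
    """CWE-602 pattern: the server stores what it is given and, when
    deciding access, trusts the validity flag the client computed."""

    def __init__(self) -> None:
        self._db: dict[str, list[CompetencySubmission]] = {}

    def save(self, cardholder: str, sub: CompetencySubmission) -> None:
        # No server-side validation of the expiry string at all.
        self._db.setdefault(cardholder, []).append(sub)

    def competencies_ok(self, cardholder: str, today: date) -> bool:
        # 'today' is ignored: the decision reuses the client's verdict.
        return all(s.client_valid for s in self._db.get(cardholder, []))


class HardenedStore:
    """Server re-validates on write and re-derives expiry on every decision."""

    def __init__(self) -> None:
        self._db: dict[str, list[CompetencySubmission]] = {}

    def save(self, cardholder: str, sub: CompetencySubmission) -> None:
        parse_expiry(sub.expiry)  # reject anything that is not a real date
        self._db.setdefault(cardholder, []).append(sub)

    def competencies_ok(self, cardholder: str, today: date) -> bool:
        for s in self._db.get(cardholder, []):
            try:
                if parse_expiry(s.expiry) < today:
                    return False        # lapsed competency blocks access
            except ValueError:
                return False            # fail closed on unparseable data
        return True


def demo(today: date = date(2025, 10, 23)) -> dict[str, bool]:
    """Run both stores against a lapsed record and a malformed record,
    both of which the (hypothetical) client has flagged as valid."""
    lapsed = CompetencySubmission("Forklift licence", "2024-06-30", client_valid=True)
    garbage = CompetencySubmission("Site induction", "never", client_valid=True)
    results: dict[str, bool] = {}

    v = VulnerableStore()
    v.save("cardholder-1", lapsed)
    v.save("cardholder-1", garbage)
    results["vulnerable_grants"] = v.competencies_ok("cardholder-1", today)

    h = HardenedStore()
    h.save("cardholder-1", lapsed)       # stored, but cannot satisfy the check
    try:
        h.save("cardholder-1", garbage)
        results["hardened_rejects_garbage"] = False
    except ValueError:
        results["hardened_rejects_garbage"] = True
    results["hardened_grants"] = h.competencies_ok("cardholder-1", today)
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened store deliberately keeps an expired competency on record rather than refusing it, since an operator may legitimately need to record a lapsed qualification; what matters is that the access decision is recomputed from the stored date at decision time and never from a flag the client supplied.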

Added: Oct 23, 2025, 4:20 AM
Updated: Oct 23, 2025, 4:20 AM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          2.5
  exploitability  3.5
  remediation     0.0
  relevance       0.8
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.