CVE-2021-23167: 
Gallagher Command Centre vulnerability analysis and mitigation

Improper certificate validation vulnerability (CWE-295) in SMTP Client of Gallagher Command Centre allows man-in-the-middle attacks to retrieve sensitive information from the Command Centre Server. This vulnerability affects Gallagher Command Centre versions 8.50 prior to 8.50.2048 (MR3), 8.40 prior to 8.40.2063 (MR4), 8.30 prior to 8.30.1454 (MR4), and all versions of 8.20 (Gallagher Security).

The vulnerability has been assigned a High severity rating with a CVSS v3.1 score configuration of AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L. The vulnerability stems from improper validation of certificates in the SMTP client component, which could allow an attacker to intercept and potentially manipulate communications between the Command Centre Server and SMTP services (Gallagher Security).

The vulnerability could lead to unauthorized access to sensitive information through man-in-the-middle attacks. The CVSS scoring indicates high potential for confidentiality breach with lower but significant impacts on integrity and availability of the affected systems (Gallagher Security).

Gallagher has released maintenance releases to address this vulnerability: v8.50.2048 (MR3), v8.40.2063 (MR4), and v8.30.1454 (MR4). Users are advised to upgrade their Command Centre server to these patched versions (Gallagher Security).