Vulnerabilities > Gallagher

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-23136 Incorrect Authorization vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator.
network
low complexity
gallagher CWE-863
4.0
2021-06-11 CVE-2021-23140 Incorrect Authorization vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator.
network
low complexity
gallagher CWE-863
6.5
2021-06-11 CVE-2021-23182 Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps.
local
low complexity
gallagher CWE-312
2.1
2021-06-11 CVE-2021-23204 Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators.
network
low complexity
gallagher CWE-862
4.0
2021-06-11 CVE-2021-23205 Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege.
network
low complexity
gallagher CWE-116
8.5
2021-06-11 CVE-2021-23211 Missing Encryption of Sensitive Data vulnerability in Gallagher Command Centre
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps.
local
low complexity
gallagher CWE-311
2.1
2021-06-11 CVE-2021-23230 SQL Injection vulnerability in Gallagher Command Centre
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected.
network
gallagher CWE-89
3.5
2020-12-14 CVE-2020-16104 SQL Injection vulnerability in Gallagher Command Centre
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database.
network
low complexity
gallagher CWE-89
6.5
2020-12-14 CVE-2020-16103 Incorrect Type Conversion or Cast vulnerability in Gallagher Command Centre
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution.
network
low complexity
gallagher CWE-704
6.5
2020-12-14 CVE-2020-16102 Improper Authentication vulnerability in Gallagher Command Centre
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart.
network
low complexity
gallagher CWE-287
6.4