Vulnerabilities > Gallagher

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-23193 Improper Privilege Management vulnerability in Gallagher Command Centre
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server.
network
low complexity
gallagher CWE-269
4.0
2021-11-18 CVE-2021-23197 Unquoted Search Path or Element vulnerability in Gallagher Command Centre
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service.
local
low complexity
gallagher CWE-428
4.6
2021-11-18 CVE-2021-23146 Incorrect Comparison vulnerability in Gallagher Command Centre
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification.
network
low complexity
gallagher CWE-697
5.0
2021-11-18 CVE-2021-23155 Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Client
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server.
network
gallagher CWE-295
4.3
2021-11-18 CVE-2021-23162 Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Connect
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server.
network
gallagher CWE-295
6.8
2021-11-18 CVE-2021-23167 Improper Certificate Validation vulnerability in Gallagher Command Centre
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server.
network
gallagher CWE-295
4.3
2021-06-11 CVE-2021-23136 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator.
network
low complexity
gallagher
4.0
2021-06-11 CVE-2021-23140 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator.
network
low complexity
gallagher
6.5
2021-06-11 CVE-2021-23182 Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps.
local
low complexity
gallagher CWE-312
2.1
2021-06-11 CVE-2021-23204 Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators.
network
low complexity
gallagher CWE-862
4.0