Vulnerabilities > Gallagher > Command Centre > 7.80.960

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-23193 Improper Privilege Management vulnerability in Gallagher Command Centre
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server.
network
low complexity
gallagher CWE-269
6.5
2021-11-18 CVE-2021-23146 Incorrect Comparison vulnerability in Gallagher Command Centre
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification.
network
low complexity
gallagher CWE-697
7.5
2021-11-18 CVE-2021-23167 Improper Certificate Validation vulnerability in Gallagher Command Centre
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server.
network
high complexity
gallagher CWE-295
6.8
2021-06-11 CVE-2021-23136 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator.
network
low complexity
gallagher
6.5
2021-06-11 CVE-2021-23140 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator.
network
low complexity
gallagher
8.8
2021-06-11 CVE-2021-23205 Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege.
network
low complexity
gallagher CWE-116
8.1
2021-06-11 CVE-2021-23230 SQL Injection vulnerability in Gallagher Command Centre
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected.
network
low complexity
gallagher CWE-89
4.3
2020-12-14 CVE-2020-16104 SQL Injection vulnerability in Gallagher Command Centre
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database.
network
low complexity
gallagher CWE-89
7.2
2020-12-14 CVE-2020-16103 Type Confusion vulnerability in Gallagher Command Centre
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution.
network
low complexity
gallagher CWE-843
8.8
2020-12-14 CVE-2020-16102 Missing Authentication for Critical Function vulnerability in Gallagher Command Centre
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart.
network
low complexity
gallagher CWE-306
8.2