Vulnerabilities > Gallagher > Command Centre > 7.80.960
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-18 | CVE-2021-23167 | Improper Certificate Validation vulnerability in Gallagher Command Centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. | 4.3 |
| 2021-06-11 | CVE-2021-23136 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. | 4.0 |
| 2021-06-11 | CVE-2021-23140 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. | 6.5 |
| 2021-06-11 | CVE-2021-23205 | Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. | 8.5 |
| 2021-06-11 | CVE-2021-23230 | SQL Injection vulnerability in Gallagher Command Centre A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. | 3.5 |
| 2020-12-14 | CVE-2020-16104 | SQL Injection vulnerability in Gallagher Command Centre SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. | 6.5 |
| 2020-12-14 | CVE-2020-16103 | Type Confusion vulnerability in Gallagher Command Centre Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. | 6.5 |
| 2020-12-14 | CVE-2020-16102 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. | 6.4 |
| 2020-09-15 | CVE-2020-16096 | Unspecified vulnerability in Gallagher Command Centre In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. | 4.0 |
| 2020-01-17 | CVE-2019-19802 | Information Exposure vulnerability in Gallagher Command Centre In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | 4.0 |