Vulnerabilities > Gallagher > Command Centre > 7.90.1038
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-22439 | Improper Input Validation vulnerability in Gallagher Command Centre and Controller 6000 Firmware Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 4.3 |
| 2023-12-18 | CVE-2023-23570 | Unspecified vulnerability in Gallagher Command Centre Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. | 8.1 |
| 2023-12-18 | CVE-2023-23576 | Unspecified vulnerability in Gallagher Command Centre Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. low complexity gallagher | 4.3 |
| 2023-12-18 | CVE-2023-23584 | Information Exposure Through Discrepancy vulnerability in Gallagher Command Centre An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. | 4.3 |
| 2023-07-25 | CVE-2023-23568 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | 5.4 |
| 2023-07-25 | CVE-2023-25074 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 5.4 |
| 2023-07-24 | CVE-2023-22428 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | 6.5 |
| 2022-07-06 | CVE-2022-26348 | SQL Injection vulnerability in Gallagher Command Centre Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. | 2.1 |
| 2021-11-18 | CVE-2021-23193 | Improper Privilege Management vulnerability in Gallagher Command Centre Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. | 4.0 |
| 2021-11-18 | CVE-2021-23146 | Incorrect Comparison vulnerability in Gallagher Command Centre An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. | 7.5 |