Vulnerabilities > Gallagher > Command Centre > 8.50.2245
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-05 | CVE-2024-21815 | Insufficiently Protected Credentials vulnerability in Gallagher Command Centre Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. | 6.5 |
2024-03-05 | CVE-2024-21838 | Cross-site Scripting vulnerability in Gallagher Command Centre Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. | 5.4 |
2023-12-18 | CVE-2023-23570 | Unspecified vulnerability in Gallagher Command Centre Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. | 8.1 |
2023-07-25 | CVE-2023-23568 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | 5.4 |
2023-07-25 | CVE-2023-25074 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 5.4 |
2023-07-24 | CVE-2023-22428 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | 6.5 |