Vulnerabilities > Gallagher > Command Centre > 9.00
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-05 | CVE-2024-21815 | Insufficiently Protected Credentials vulnerability in Gallagher Command Centre Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. | 6.5 |
| 2024-03-05 | CVE-2024-21838 | Cross-site Scripting vulnerability in Gallagher Command Centre Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. | 5.4 |
| 2023-12-18 | CVE-2023-46686 | Unspecified vulnerability in Gallagher Command Centre 9.00/9.00.1507 A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. | 7.1 |