Vulnerabilities > Gallagher > Command Centre
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-22428 | Unspecified vulnerability in Gallagher Command Centre Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | 6.5 |
| 2022-07-06 | CVE-2022-26348 | SQL Injection vulnerability in Gallagher Command Centre Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. | 5.5 |
| 2021-11-18 | CVE-2021-23193 | Improper Privilege Management vulnerability in Gallagher Command Centre Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. | 6.5 |
| 2021-11-18 | CVE-2021-23197 | Unquoted Search Path or Element vulnerability in Gallagher Command Centre 8.50 Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. | 7.8 |
| 2021-11-18 | CVE-2021-23146 | Incorrect Comparison vulnerability in Gallagher Command Centre An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. | 7.5 |
| 2021-11-18 | CVE-2021-23167 | Improper Certificate Validation vulnerability in Gallagher Command Centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. | 6.8 |
| 2021-06-11 | CVE-2021-23136 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. | 6.5 |
| 2021-06-11 | CVE-2021-23140 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. | 8.8 |
| 2021-06-11 | CVE-2021-23182 | Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. | 4.4 |
| 2021-06-11 | CVE-2021-23204 | Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. | 6.5 |