Vulnerabilities > Gallagher
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-07-25 | CVE-2023-23568 | Unspecified vulnerability in Gallagher Command Centre: Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 5.4
2023-07-25 | CVE-2023-22363 | Out-of-bounds Write vulnerability in Gallagher Command Centre 8.80: A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2). | 7.5
2023-07-25 | CVE-2023-25074 | Unspecified vulnerability in Gallagher Command Centre: Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 5.4
2023-07-24 | CVE-2023-22428 | Unspecified vulnerability in Gallagher Command Centre: Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), vEL8.40 and prior. | 6.5
2023-06-01 | CVE-2023-24584 | Classic Buffer Overflow vulnerability in Gallagher Controller 6000 Firmware: Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. | 9.8
2022-07-06 | CVE-2022-26078 | Unspecified vulnerability in Gallagher Controller 6000 Firmware: Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. | 7.5
2022-07-06 | CVE-2022-26348 | SQL Injection vulnerability in Gallagher Command Centre: Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. | 5.5
2021-11-18 | CVE-2021-23193 | Improper Privilege Management vulnerability in Gallagher Command Centre: Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. | 6.5
2021-11-18 | CVE-2021-23197 | Unquoted Search Path or Element vulnerability in Gallagher Command Centre 8.50: Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. | 7.8
2021-11-18 | CVE-2021-23146 | Incorrect Comparison vulnerability in Gallagher Command Centre: An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. | 7.5