Vulnerabilities > Gallagher
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-18 | CVE-2021-23167 | Improper Certificate Validation vulnerability in Gallagher Command Centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. | 4.3 |
| 2021-06-11 | CVE-2021-23136 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. | 4.0 |
| 2021-06-11 | CVE-2021-23140 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. | 6.5 |
| 2021-06-11 | CVE-2021-23182 | Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. | 4.4 |
| 2021-06-11 | CVE-2021-23204 | Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. | 4.0 |
| 2021-06-11 | CVE-2021-23205 | Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. | 8.5 |
| 2021-06-11 | CVE-2021-23211 | Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. | 2.1 |
| 2021-06-11 | CVE-2021-23230 | SQL Injection vulnerability in Gallagher Command Centre A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. | 3.5 |
| 2020-12-14 | CVE-2020-16104 | SQL Injection vulnerability in Gallagher Command Centre SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. | 6.5 |
| 2020-12-14 | CVE-2020-16103 | Type Confusion vulnerability in Gallagher Command Centre Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. | 6.5 |