Vulnerabilities > Gallagher

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-23167 Improper Certificate Validation vulnerability in Gallagher Command Centre
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server.
network
high complexity
gallagher CWE-295
6.8
2021-06-11 CVE-2021-23136 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator.
network
low complexity
gallagher
6.5
2021-06-11 CVE-2021-23140 Unspecified vulnerability in Gallagher Command Centre
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator.
network
low complexity
gallagher
8.8
2021-06-11 CVE-2021-23182 Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps.
local
low complexity
gallagher CWE-312
4.4
2021-06-11 CVE-2021-23204 Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators.
network
low complexity
gallagher CWE-862
6.5
2021-06-11 CVE-2021-23205 Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege.
network
low complexity
gallagher CWE-116
8.1
2021-06-11 CVE-2021-23211 Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps.
local
low complexity
gallagher CWE-312
4.4
2021-06-11 CVE-2021-23230 SQL Injection vulnerability in Gallagher Command Centre
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected.
network
low complexity
gallagher CWE-89
4.3
2020-12-14 CVE-2020-16104 SQL Injection vulnerability in Gallagher Command Centre
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database.
network
low complexity
gallagher CWE-89
7.2
2020-12-14 CVE-2020-16103 Type Confusion vulnerability in Gallagher Command Centre
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution.
network
low complexity
gallagher CWE-843
8.8