Vulnerabilities > Gallagher > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-16104 | SQL Injection vulnerability in Gallagher Command Centre SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. | 7.2 |
| 2020-12-14 | CVE-2020-16103 | Type Confusion vulnerability in Gallagher Command Centre Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. | 8.8 |
| 2020-12-14 | CVE-2020-16102 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. | 8.2 |
| 2020-09-15 | CVE-2020-16101 | Out-of-bounds Read vulnerability in Gallagher Command Centre It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. | 7.5 |
| 2020-09-15 | CVE-2020-16100 | Improper Resource Shutdown or Release vulnerability in Gallagher Command Centre It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. | 7.5 |
| 2020-09-15 | CVE-2020-16096 | Unspecified vulnerability in Gallagher Command Centre In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. | 7.7 |