Vulnerabilities > Gallagher > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2022-26348 | SQL Injection vulnerability in Gallagher Command Centre Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. | 5.5 |
| 2021-11-18 | CVE-2021-23193 | Improper Privilege Management vulnerability in Gallagher Command Centre Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. | 6.5 |
| 2021-11-18 | CVE-2021-23155 | Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Client Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. | 6.8 |
| 2021-11-18 | CVE-2021-23167 | Improper Certificate Validation vulnerability in Gallagher Command Centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. | 6.8 |
| 2021-06-11 | CVE-2021-23136 | Unspecified vulnerability in Gallagher Command Centre Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. | 6.5 |
| 2021-06-11 | CVE-2021-23182 | Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. | 4.4 |
| 2021-06-11 | CVE-2021-23204 | Missing Authorization vulnerability in Gallagher Command Centre 8.30/8.30.1236/8.30.1299 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. | 6.5 |
| 2021-06-11 | CVE-2021-23211 | Cleartext Storage of Sensitive Information vulnerability in Gallagher Command Centre Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. | 4.4 |
| 2021-06-11 | CVE-2021-23230 | SQL Injection vulnerability in Gallagher Command Centre A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. | 4.3 |
| 2020-09-15 | CVE-2020-16099 | Unspecified vulnerability in Gallagher Command Centre 8.20/8.20.1093 In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. | 4.3 |