Gallagher Command Centre

26 CVEs affecting Gallagher Command Centre. Latest disclosed: 2024-07-11. Critical: 4, High: 13.

Top CVEs affecting Gallagher Command Centre
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-23230 | Critical | 9.9 | 2021-06-11 | A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre… |
| CVE-2021-23140 | Critical | 9.9 | 2021-06-11 | Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. T… |
| CVE-2020-16096 | Critical | 9.9 | 2020-09-15 | In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70… |
| CVE-2020-16098 | Critical | 9.8 | 2020-09-15 | It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20… |
| CVE-2020-16103 | High | 8.8 | 2020-12-14 | Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gal… |
| CVE-2022-26348 | High | 8.2 | 2022-07-06 | Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attack… |
| CVE-2020-16104 | High | 8.2 | 2020-12-14 | SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege… |
| CVE-2021-23193 | High | 8.1 | 2021-11-18 | Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensiti… |
| CVE-2021-23167 | High | 8.1 | 2021-11-18 | Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server… |
| CVE-2021-23205 | High | 8.1 | 2021-06-11 | Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware… |
| CVE-2021-23204 | High | 8.1 | 2021-06-11 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command C… |
| CVE-2023-22428 | High | 7.6 | 2023-07-24 | Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80… |
| CVE-2020-16101 | High | 7.5 | 2020-09-15 | It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected vers… |
| CVE-2020-16100 | High | 7.5 | 2020-09-15 | It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of… |
| CVE-2020-16097 | High | 7.3 | 2020-09-15 | On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5))… |
| CVE-2023-25074 | High | 7.1 | 2023-07-24 | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects C… |
| CVE-2020-16102 | High | 7.1 | 2020-12-14 | Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration… |
| CVE-2023-22363 | Medium | 6.5 | 2023-07-24 | A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group… |
| CVE-2021-23136 | Medium | 6.5 | 2021-06-11 | Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This… |
| CVE-2021-23211 | Medium | 6.0 | 2021-06-11 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable… |