Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-16104
HistoryDec 14, 2020 - 8:15 p.m.

CVE-2020-16104

2020-12-1420:15:12
CWE-89
[email protected]
web.nvd.nist.gov
24
1
cve-2020-16104
sql injection
gallagher command centre
remote attack
security vulnerability
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with ‘Edit Enterprise Data Interfaces’ privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.

Affected configurations

NVD
Node
gallaghercommand_centreRange<7.90.0
OR
gallaghercommand_centreRange8.008.00.1228
OR
gallaghercommand_centreRange8.108.10.1211
OR
gallaghercommand_centreRange8.208.20.1166
OR
gallaghercommand_centreRange8.308.30.1236
OR
gallaghercommand_centreMatch8.00.1228-
OR
gallaghercommand_centreMatch8.00.1228maintenance_release6
OR
gallaghercommand_centreMatch8.10.1211-
OR
gallaghercommand_centreMatch8.10.1211maintenance_release5
OR
gallaghercommand_centreMatch8.20.1166-
OR
gallaghercommand_centreMatch8.20.1166maintenance_release3
OR
gallaghercommand_centreMatch8.30.1236-
OR
gallaghercommand_centreMatch8.30.1236maintenance_release1

CNA Affected

[
  {
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "7.90",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.30.1236(MR1)",
        "status": "affected",
        "version": "8.30",
        "versionType": "custom"
      },
      {
        "lessThan": "8.20.1166(MR3)",
        "status": "affected",
        "version": "8.20",
        "versionType": "custom"
      },
      {
        "lessThan": "8.10.1211(MR5)",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      },
      {
        "lessThan": "8.00.1228(MR6)",
        "status": "affected",
        "version": "8.00",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2020-16104
2020-12-14 19:23:30
prion
prion
Sql injection
2020-12-14 20:15:00
nvd
nvd
CVE-2020-16104
2020-12-14 20:15:12

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON
Related for CVE-2020-16104
cvelist1prion1nvd1