Lucene search
K

246 matches found

Vulnrichment
Vulnrichment
added 2024/03/05 3:11 a.m.15 views

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

6.8CVSS7.2AI score0.00304EPSS
Exploits0References1
CVE
CVE
added 2024/03/05 3:11 a.m.96 views

CVE-2024-21838

CVE-2024-21838: Improper neutralization of special elements (CWE-74) in Gallagher Command Centre’s email generation feature could allow HTML code injection in emitted emails. Affected: Gallagher Command Centre versions 9.00 before vEL9.00.1774 (MR2), 8.90 before vEL8.90.1751 (MR3), 8.80 before vE...

6.8CVSS6.8AI score0.00304EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/03/05 3:9 a.m.83 views

CVE-2024-21815

Gallagher Command Centre (Gallagher) is affected by CVE-2024-21815 due to insufficiently protected credentials (CWE-522) for third‑party DVR integrations to the Command Centre Server, potentially exposing credentials to authenticated but unprivileged users. Affected versions include 8.60 and prio...

9.1CVSS9.1AI score0.00334EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/05 3:9 a.m.13 views

CVE-2024-21815

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

9.1CVSS6.9AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 3:9 a.m.26 views

CVE-2024-21815

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

9.1CVSS9.4AI score0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

Gallagher Command Centre security breach

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre that stems from inadequate protection of credentials...

9.1CVSS6.9AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

Gallagher Command Centre Cross-Site Scripting Vulnerability

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre due to improper neutralization of special elements. The following products and versions are affected: Gallagher Comma...

6.8CVSS6.8AI score0.00304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.3 views

PT-2024-19070 · Gallagher · Gallagher Command Centre

Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 MR6 Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 MR4 Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 MR...

9.1CVSS7.2AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.4 views

PT-2024-19085 · Gallagher · Gallagher Command Centre

Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 MR6 Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 MR4 Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 MR...

6.8CVSS7.5AI score0.00304EPSS
Exploits0References6
NVD
NVD
added 2023/12/18 10:15 p.m.13 views

CVE-2023-23576

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 MR2,...

4.3CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.23 views

CVE-2023-23570

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...

8.1CVSS0.00666EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.24 views

CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 distributed in 9.00.1507MR1...

7.1CVSS0.00523EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 10:15 p.m.5 views

CVE-2023-23584

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...

4.3CVSS5.8AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.31 views

CVE-2023-23584

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...

4.3CVSS0.00503EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 10:15 p.m.3 views

CVE-2023-23570

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...

8.1CVSS5.8AI score0.00666EPSS
Exploits0References1
Prion
Prion
added 2023/12/18 10:15 p.m.14 views

Design/Logic Flaw

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 MR2,...

1.7CVSS7.1AI score0.00281EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/18 10:15 p.m.16 views

Security feature bypass

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...

5.5CVSS7.3AI score0.00666EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/18 10:15 p.m.26 views

Design/Logic Flaw

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...

4CVSS7.1AI score0.00503EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 10:1 p.m.30 views

CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 distributed in 9.00.1507MR1...

5.5CVSS7.1AI score0.00523EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/18 10:1 p.m.12 views

CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 distributed in 9.00.1507MR1...

5.5CVSS7AI score0.00523EPSS
Exploits0References1
Rows per page
Query Builder