Lucene search: Gallagher Command Centre

37 matches found

CVE
added 2019/06/06 7:29 p.m., 182 views

CVE-2019-12492

The CVE-2019-12492 entry concerns Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128. The connected documents indicate the vulnerability enables arbitrary event creation and information disclosure through the FT Command Centre Service and FT Controller Serv...

CVSS 6.5, AI score 6.5, EPSS 0.00207

CVE
added 2020/01/17 1:55 a.m., 98 views

CVE-2019-19801

CVE-2019-19801 affects Gallagher Command Centre Server versions: v8.10 before 8.10.1134 (MR4), v8.00 before 8.00.1161 (MR5), v7.90 before 7.90.991 (MR5), v7.80 before 7.80.960 (MR2), and v7.70 or earlier. The issue allows an unprivileged but authenticated user to perform a backup of the Command C...

CVSS 5.5, AI score 5.5, EPSS 0.00055

CVE
added 2020/01/20 5:32 a.m., 96 views

CVE-2020-7215

Gallagher Command Centre (versions 7.x prior to 7.90.991 MR5; 8.00 prior to 8.00.1161 MR5; 8.10 prior to 8.10.1134 MR4) contains an information disclosure vulnerability where external system configuration data used for third‑party integrations (e.g., DVR systems) is logged in the Event Trail. Any...

CVSS 5.5, AI score 5.6, EPSS 0.00129

CVE
added 2020/01/17 2:0 a.m., 94 views

CVE-2019-19802

The CVE covers Gallagher Command Centre Server: affected versions are v8.10 before 8.10.1134 (MR4), v8.00 before 8.00.1161 (MR5), v7.90 before 7.90.991 (MR5), v7.80 before 7.80.960 (MR2), and v7.70 or earlier. An authenticated user connecting to OPC UA can view all data that would be replicated i...

CVSS 6.5, AI score 6.4, EPSS 0.00204

CVE
added 2024/03/05 3:11 a.m., 94 views

CVE-2024-21838

CVE-2024-21838: Improper neutralization of special elements (CWE-74) in Gallagher Command Centre’s email generation feature could allow HTML code injection in emitted emails. Affected: Gallagher Command Centre versions 9.00 before vEL9.00.1774 (MR2), 8.90 before vEL8.90.1751 (MR3), 8.80 before vE...

CVSS 6.8, AI score 6.8, EPSS 0.0032

CVE
added 2024/03/05 3:9 a.m., 81 views

CVE-2024-21815

Gallagher Command Centre (Gallagher) is affected by CVE-2024-21815 due to insufficiently protected credentials (CWE-522) for third‑party DVR integrations to the Command Centre Server, potentially exposing credentials to authenticated but unprivileged users. Affected versions include 8.60 and prio...

CVSS 9.1, AI score 9.1, EPSS 0.00098

CVE
added 2020/12/14 7:34 p.m., 80 views

CVE-2020-16103

CVE-2020-16103 is a type-confusion vulnerability in Gallagher Command Centre Server. Affected products include Gallagher Command Centre 8.30 (before 8.30.1236 MR1), 8.20 (before 8.20.1166 MR3), 8.10 (before 8.10.1211 MR5), and 8.00 and earlier versions. The issue allows a remote attacker to crash...

CVSS 8.8, AI score 9.1, EPSS 0.0205

CVE
added 2021/11/18 6:0 p.m., 77 views

CVE-2021-23167

CVE-2021-23167 affects Gallagher Command Centre Server. The issue is an improper certificate validation in the SMTP client, enabling a man-in-the-middle to obtain sensitive information from the Command Centre Server. Affected versions include Gallagher Command Centre Server 8.50 before 8.50.2048 ...

CVSS 8.1, AI score 6.4, EPSS 0.00102

CVE
added 2022/07/06 4:29 p.m., 74 views

CVE-2022-26348

CVE-2022-26348 describes a SQL Injection vulnerability in Gallagher Command Centre Server, activated via Windows Registry settings for date fields. An attacker using the Visitor Management Kiosk (a public-use application) can invoke an arbitrary SQL query preloaded into the server’s registry to o...

CVSS 8.2, AI score 6.1, EPSS 0.00114

CVE
added 2020/09/15 1:22 p.m., 51 views

CVE-2020-16098

CVE-2020-16098 affects Gallagher Command Centre. An unauthenticated network attacker can enumerate access card credentials on: v8.20 before 8.20.1166 (MR3); v8.10 before 8.10.1211 (MR5); v8.00 before 8.00.1228 (MR6); and all 7.90 and earlier. Credentials can be used to encode low-security cards w...

CVSS 9.8, AI score 9.5, EPSS 0.00468

CVE
added 2021/11/18 5:59 p.m., 49 views

CVE-2021-23146

The CVE-2021-23146 entry concerns an Incomplete Comparison with Missing Factors vulnerability in Gallagher Command Centre (Gallagher Controller). Affected software: Gallagher Command Centre versions prior to 8.40.1888 (MR3); prior to 8.30.1454 (MR3); prior to 8.20.1291 (MR5); prior to 8.10.1284 (...

CVSS 7.5, AI score 7.5, EPSS 0.00241

CVE
added 2020/09/15 1:19 p.m., 47 views

CVE-2020-16097

CVE-2020-16097 affects Gallagher controllers running multiple legacy v8.x/v7.x releases (v8.20 pre-CR8.20.200221b, v8.10 pre-vGR8.10.179, v8.00 pre-vGR8.00.165, v7.90 pre-vGR7.90.165, v7.80 or earlier). The issue enables retrieval of site keys used to secure MIFARE Plus and Desfire via debug port...

CVSS 7.3, AI score 4.8, EPSS 0.0006

CVE
added 2023/12/18 10:1 p.m., 47 views

CVE-2023-46686

CVE-2023-46686 affects the Gallagher Command Centre Diagnostics Service (prior to v1.3.0, distributed in 9.00.1507(MR1)). The issue is a reliance on untrusted inputs within a security decision that can allow a privileged user to configure the Diagnostics Service to use less secure communicati...

CVSS 7.1, AI score 6.9, EPSS 0.00083

CVE
added 2020/12/14 7:23 p.m., 46 views

CVE-2020-16104

CVE-2020-16104 describes an SQL injection vulnerability in the Enterprise Data Interface (EDI) of Gallagher Command Centre. Remote attackers with the privilege to edit EDI entries can execute arbitrary SQL against a third‑party database if EDI is configured to import data from that database. Affe...

CVSS 8.2, AI score 7.6, EPSS 0.00608

CVE
added 2021/11/18 6:1 p.m., 46 views

CVE-2021-23197

CVE-2021-23197 describes an unquoted service path vulnerability in the Gallagher Controller Service, affecting Gallagher Command Centre 8.50 (pre-8.50.2048 MR3). The underlying issue is that the service executable path is unquoted, allowing an unprivileged user to cause the service to execute co...

CVSS 7.8, AI score 8.5, EPSS 0.00044

CVE
added 2023/07/24 11:5 p.m., 46 views

CVE-2023-25074

CVE-2023-25074 affects Gallagher Command Centre Server. The issue is improper privilege validation that allows authenticated, unprivileged operators to modify and view Competencies. Affected versions (Command Centre) include vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2)...

CVSS 7.1, AI score 6, EPSS 0.00049

CVE
added 2021/06/11 3:46 p.m., 45 views

CVE-2021-23211

CVE-2021-23211 affects Gallagher Command Centre Server (Gallagher Command Centre 8.40 prior to 8.40.1888 MR3). The root cause is Cleartext Storage of Sensitive Information in Memory, allowing the Cloud end-to-end encryption key to be recoverable from server memory dumps. The connected PT-2021-154...

CVSS 6, AI score 4.7, EPSS 0.00014

CVE
added 2021/06/11 3:46 p.m., 44 views

CVE-2021-23205

Gallagher Command Centre Server is affected by an improper encoding/escaping vulnerability that lets a Command Centre Operator alter the configuration of controllers and other hardware items beyond their privileges. Affected versions include Gallagher Command Centre 8.40 before 8.40.1888 (MR3), 8...

CVSS 8.5, AI score 8, EPSS 0.00254

CVE
added 2020/09/15 1:25 p.m., 43 views

CVE-2020-16101

CVE-2020-16101 affects the Command Centre service. An unauthenticated remote DCOM websocket connection can crash the service due to an out-of-bounds buffer access. Affected versions: v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), and all versions o...

CVSS 7.5, AI score 7.8, EPSS 0.0039

CVE
added 2020/12/14 7:26 p.m., 43 views

CVE-2020-16102

Gallagher Command Centre Server is affected by an Improper Authentication vulnerability (CVE-2020-16102) allowing an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. Public references list affected versions: 8...

CVSS 8.2, AI score 8.2, EPSS 0.00977

CVE
added 2021/06/11 3:46 p.m., 43 views

CVE-2021-23230

CVE-2021-23230 describes a SQL injection vulnerability in the Gallagher Command Centre’s OPCUA interface. The root cause is lack of validation of externally entered SQL statements, allowing a remote unprivileged Command Centre Operator to modify the command center databases undetected. Affected v...

CVSS 9.9, AI score 5.4, EPSS 0.00248

CVE
added 2023/12/18 9:59 p.m., 43 views

CVE-2023-23570

Gallagher Command Centre is affected by CVE-2023-23570 due to client-side enforcement bypassing server-side security, which can lead to invalid configurations and undefined behavior. Affected products and versions include Gallagher Command Centre 8.80 and prior, and 8.90 prior to vEL8.90.1620 (MR...

CVSS 8.1, AI score 8.1, EPSS 0.00042

CVE
added 2021/11/18 6:2 p.m., 42 views

CVE-2021-23193

The CVE-2021-23193 entry describes an improper privilege validation vulnerability in the COM interface of Gallagher Command Centre Server. This allows an authenticated, unprivileged operator to retrieve sensitive information from the Command Centre Server. Affected are Gallagher Command Centre 8....

CVSS 8.1, AI score 6.3, EPSS 0.0018

CVE
added 2021/06/11 3:46 p.m., 42 views

CVE-2021-23204

Technical details about CVE-2021-23204 are not publicly provided in the attached documents. The available sources reproduce the exposure description but do not specify affected products/versions beyond Gallagher Command Centre, root cause, or fixed versions. Monitor for updates.

CVSS 8.1, AI score 6.4, EPSS 0.0018

CVE
added 2020/09/15 1:17 p.m., 41 views

CVE-2020-16099

Gallagher Command Centre (v8.20, prior to v8.20.1093MR2) is affected by CVE-2020-16099. The vulnerability allows attackers to create Guard Tour events that, when accessed (e.g., via reporting), can cause client applications to temporarily hang or disconnect. Public technical details are limited i...

CVSS 4.3, AI score 4.7, EPSS 0.00361

CVE
added 2019/08/28 11:6 a.m., 40 views

CVE-2019-15294

Gallagher Command Centre 8.10 before 8.10.1092(MR2) is affected. If, during an upgrade, a custom service account is in use and the visitor management service is installed, the Windows username and password for that service are logged in cleartext to the Command_centre.log file. This constitutes a...

CVSS 9.8, AI score 9.4, EPSS 0.00346

CVE
added 2020/09/15 1:24 p.m., 40 views

CVE-2020-16096

CVE-2020-16096 (Gallagher Command Centre) affects Gallagher Command Centre versions: 8.10 before 8.10.1134(MR4), 8.00 before 8.00.1161(MR5), 7.90 before 7.90.991(MR5), 7.80 before 7.80.960(MR2), and 7.70 and earlier. The issue allows any operator account to access data that would be replicated in...

CVSS 9.9, AI score 7.4, EPSS 0.0022

CVE
added 2023/07/24 10:44 p.m., 40 views

CVE-2023-22428

CVE-2023-22428 describes an improper privilege validation in Gallagher Command Centre Server that allows authenticated operators to modify Division lineage. Affected Command Centre versions include vEL8.80 (before 8.80.1192 MR2), vEL8.70 (before 8.70.2185 MR4), vEL8.60 (before 8.60.2347 MR6), vEL...

CVSS 7.6, AI score 6.5, EPSS 0.00049

CVE
added 2021/06/11 3:46 p.m., 39 views

CVE-2021-23182

The CVE-2021-23182 issue affects Gallagher Command Centre Server, where cleartext storage of sensitive information in memory enables discovery of OSDP reader master keys in server memory dumps. Affected are Gallagher Command Centre Server versions prior to 8.40.1888 (MR3) and all 8.30 versions. T...

CVSS 6, AI score 4.8, EPSS 0.00027

CVE
added 2023/12/18 9:59 p.m., 38 views

CVE-2023-23584

CVE-2023-23584 concerns Gallagher Command Centre. A bug in the REST API creates an observable response discrepancy that lets an insufficiently privileged user infer the presence of items that would normally be hidden. Affected versions include Gallagher Command Centre 8.50 and earlier, 8.60 prior...

CVSS 4.3, AI score 4.7, EPSS 0.00168

CVE
added 2021/06/11 3:46 p.m., 37 views

CVE-2021-23140

CVE-2021-23140 describes an Improper Authorization vulnerability in Gallagher Command Centre Server that allows an unauthorised Command Centre Operator to modify command line macros. Affected are Gallagher Command Centre: 8.40 prior to 8.40.1888 (MR3); 8.30 prior to 8.30.1359 (MR3); 8.20 prior to...

CVSS 9.9, AI score 8.7, EPSS 0.00233

CVE
added 2020/09/15 1:21 p.m., 36 views

CVE-2020-16100

CVE-2020-16100 describes an unauthenticated remote DCOM websocket connection that can crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing future DCOM websocket (Configuration Client) connections. Affected versions are v8.20...

CVSS 7.5, AI score 7.7, EPSS 0.00446

CVE
added 2021/06/11 3:46 p.m., 36 views

CVE-2021-23136

The CVE-2021-23136 entry describes an Improper Authorization vulnerability in Gallagher Command Centre Server that lets an unprivileged Command Centre Operator perform macro overrides. Affected are Gallagher Command Centre Server versions: 8.40 before 8.40.1888 (MR3); 8.30 before 8.30.1359 (MR3);...

CVSS 6.5, AI score 6.4, EPSS 0.00122

CVE
added 2023/07/25 1:31 a.m., 36 views

CVE-2023-23568

CVE-2023-23568 affects Gallagher Command Centre Server (Command Centre) with improper privilege validation that allows authenticated unprivileged operators to modify and view Personal Data Fields. Public details enumerate affected releases: vEL8.40 and prior; vEL8.50 prior to vEL8.50.2831 (MR8); ...

CVSS 5.4, AI score 5.5, EPSS 0.00094

CVE
added 2023/12/18 9:58 p.m., 35 views

CVE-2023-22439

The CVE-2023-22439 entry concerns Gallagher Controller 6000 and 7000 (all affected versions listed below) and stems from improper input validation of a large HTTP request in the diagnostic web interface (Port 80). This vulnerability can be exploited to cause a Denial of Service against the diagno...

CVSS 4.3, AI score 4.6, EPSS 0.00062

CVE
added 2023/07/24 11:9 p.m., 33 views

CVE-2023-22363

CVE-2023-22363 describes a stack-based buffer overflow in Gallagher’s Command Centre Server. Affected versions are vEL8.80 prior to vEL8.80.1192 (MR2). The vulnerability allows a denial of service by an attacker who assigns cardholders to an Access Group, due to a likely overflow in the server ...

CVSS 7.5, AI score 6.8, EPSS 0.00234

CVE
added 2023/12/18 9:59 p.m., 31 views

CVE-2023-23576

The CVE describes an incorrect behavior order in Gallagher Command Centre Server that could let a privileged user extend physical site access after a network outage when competencies are used in access decisions. Affected are Gallagher Command Centre versions: 8.50 and prior; 8.60 prior to MR7 (v...

CVSS 4.3, AI score 4.7, EPSS 0.00079