
CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

18 Dec 2023 — An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior. • https://security.gallagher.com/Security-Advisories/CVE-2023-23584 • CWE-203: Observable Discrepancy, CWE-204: Observable Response Discrepancy •

CVSS: 4.6 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Dec 2023 — Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior. • https://security.gallagher.com/Security-Advisories/CVE-2023-23576 • CWE-696: Incorrect Behavior Order •

CVSS: 8.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

18 Dec 2023 — Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. • https://security.gallagher.com/Security-Advisories/CVE-2023-23570 • CWE-602: Client-Side Enforcement of Server-Side Security •

CVSS: 5.0 | EPSS: 0% | CPEs: 13 | EXPL: 0

18 Dec 2023 — Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2... • https://security.gallagher.com/Security-Advisories/CVE-2023-22439 • CWE-20: Improper Input Validation •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

25 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568 • CWE-285: Improper Authorization •

CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

24 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074 • CWE-285: Improper Authorization •

CVSS: 7.6 | EPSS: 0% | CPEs: 5 | EXPL: 0

24 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), vEL8.40 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428 • CWE-285: Improper Authorization •

CVSS: 8.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

06 Jul 2022 — Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.221... • https://security.gallagher.com/Security-Advisories/CVE-2022-26348 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Nov 2021 — Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, CWE-269: Improper Privilege Management •

CVSS: 8.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

18 Nov 2021 — Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); version 8.20 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23167 • CWE-295: Improper Certificate Validation •