NotCVE - vendor:"Gallagher" product:"Command Centre" version:" >= 8.80

7 results (0.004 seconds)

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23576

https://notcve.org/view.php?id=CVE-2023-23576

18 Dec 2023 — Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior. El orden de comportamiento incorrecto en Command Center Server podría permitir q... • https://security.gallagher.com/Security-Advisories/CVE-2023-23576 • CWE-696: Incorrect Behavior Order •

CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-23570

https://notcve.org/view.php?id=CVE-2023-23570

18 Dec 2023 — Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. La aplicación de seguridad del lado del servidor para el servidor Command Center por parte del cliente podría omitirse y dar lugar a una configuración no válida con un comportamiento indefinido. Este problema afecta: Gallagher Command Center 8.90... • https://security.gallagher.com/Security-Advisories/CVE-2023-23570 • CWE-602: Client-Side Enforcement of Server-Side Security •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-22439

https://notcve.org/view.php?id=CVE-2023-22439

18 Dec 2023 — Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2... • https://security.gallagher.com/Security-Advisories/CVE-2023-22439 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-23568

https://notcve.org/view.php?id=CVE-2023-23568

25 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568 • CWE-285: Improper Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-22363 – Access Zone stack overflow

https://notcve.org/view.php?id=CVE-2023-22363

24 Jul 2023 — A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-25074 – Competency access levels not enforced in the server

https://notcve.org/view.php?id=CVE-2023-25074

24 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074 • CWE-285: Improper Authorization •

CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-22428

https://notcve.org/view.php?id=CVE-2023-22428

24 Jul 2023 — Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428 • CWE-285: Improper Authorization •