CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23146
https://notcve.org/view.php?id=CVE-2021-23146
18 Nov 2021 — An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. Una vulnerabilidad de comparación incompleta con factores ausentes en el controlador Gallagher permite a un atacante eludir la verificación... • https://security.gallagher.com/Security-Advisories/CVE-2021-23146 • CWE-697: Incorrect Comparison CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23205
https://notcve.org/view.php?id=CVE-2021-23205
11 Jun 2021 — Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una Codificación o Escape inapropiados en Gallagher Command Centre Server, permiten a un Operador de Command Centre alterar l... • https://security.gallagher.com/Security-Advisories/CVE-2021-23205 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23140
https://notcve.org/view.php?id=CVE-2021-23140
11 Jun 2021 — Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una vulnerabilidad de Autorización Inapropiada en Gallagher Command Centre Server, permite a las macros de la línea de comandos ser modificados por un Opera... • https://security.gallagher.com/Security-Advisories/CVE-2021-23140 • CWE-285: Improper Authorization •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23211
https://notcve.org/view.php?id=CVE-2021-23211
11 Jun 2021 — Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). Una vulnerabilidad de Almacenamiento en Texto sin Cifrar de Información Confidencial en la Memoria en Gallagher Command Centre Server, permite a la clave de cifrado de Cloud de extremo a extremo ser detectada en los volcados de memoria del ser... • https://security.gallagher.com/Security-Advisories/CVE-2021-23211 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23182
https://notcve.org/view.php?id=CVE-2021-23182
11 Jun 2021 — Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. Una vulnerabilidad de Almacenamiento de Texto sin Cifrar de Información Confidencial en la Memoria en Gallagher Command Center Server, permite a las claves maestras de los lectores de OSDP puedan ser detectadas en los volcados de... • https://security.gallagher.com/Security-Advisories/CVE-2021-23182 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23204
https://notcve.org/view.php?id=CVE-2021-23204
11 Jun 2021 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). Una vulnerabilidad de Exposición de Información Confidencial a un Actor No Autorizado en Gallagher Command Centre Server, permite al material clave OSDP ser expuesto a Operadores del Centro de Mando. Este proble... • https://security.gallagher.com/Security-Advisories/CVE-2021-23204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 9EXPL: 0CVE-2021-23230
https://notcve.org/view.php?id=CVE-2021-23230
11 Jun 2021 — A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. Una vulnerabilidad de Inyección SQL en la interfaz OPCUA de Gallagher Command Centre, permite... • https://security.gallagher.com/Security-Advisories/CVE-2021-23230 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23136
https://notcve.org/view.php?id=CVE-2021-23136
11 Jun 2021 — Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una vulnerabilidad de Autorización inapropiada en Gallagher Command Centre Server permite que un Operador del Centro de Comando no privilegiado llevar a cabo a... • https://security.gallagher.com/Security-Advisories/CVE-2021-23136 • CWE-285: Improper Authorization •