
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Nov 2021 — An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23146 • CWE-697: Incorrect Comparison; CWE-1023: Incomplete Comparison with Missing Factors

CVSS: 8.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Jun 2021 — Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23205 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 9.9 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Jun 2021 — Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23140 • CWE-285: Improper Authorization

CVSS: 9.9 | EPSS: 0% | CPEs: 9 | EXPL: 0

11 Jun 2021 — A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23230 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

11 Jun 2021 — Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2021-23136 • CWE-285: Improper Authorization

CVSS: 8.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

14 Dec 2020 — Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2020-16103 • CWE-704: Incorrect Type Conversion or Cast; CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 8.2 | EPSS: 0% | CPEs: 13 | EXPL: 0

14 Dec 2020 — Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2020-16102 • CWE-287: Improper Authentication; CWE-306: Missing Authentication for Critical Function

CVSS: 8.2 | EPSS: 0% | CPEs: 13 | EXPL: 0

14 Dec 2020 — SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. • https://security.gallagher.com/Security-Advisories/CVE-2020-16104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.9 | EPSS: 0% | CPEs: 8 | EXPL: 0

15 Sep 2020 — In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. • https://security.gallagher.com/Security-Advisories/CVE-2020-16096 • CWE-285: Improper Authorization

CVSS: 7.3 | EPSS: 0% | CPEs: 8 | EXPL: 0

15 Sep 2020 — On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and DESFire using debug ports on T Series readers. • https://security.gallagher.com/Security-Advisories/CVE-2020-16097 • CWE-522: Insufficiently Protected Credentials