CVE-2021-23182
https://notcve.org/view.php?id=CVE-2021-23182
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. Una vulnerabilidad de Almacenamiento de Texto sin Cifrar de Información Confidencial en la Memoria en Gallagher Command Center Server, permite a las claves maestras de los lectores de OSDP puedan ser detectadas en los volcados de memoria del servidor. Este problema afecta a: Gallagher Command Center versiones 8.40 anteriores a 8.40.1888 (MR3); todas las versiones 8.30 • https://security.gallagher.com/Security-Advisories/CVE-2021-23182 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVE-2021-23136
https://notcve.org/view.php?id=CVE-2021-23136
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una vulnerabilidad de Autorización inapropiada en Gallagher Command Centre Server permite que un Operador del Centro de Comando no privilegiado llevar a cabo anulaciones de macros. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2021-23136 • CWE-285: Improper Authorization •
CVE-2020-16103
https://notcve.org/view.php?id=CVE-2020-16103
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. Una confusión de tipos en Gallagher Command Center Server, permite a un atacante remoto bloquear el servidor o posiblemente causar una ejecución de código remota. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236 (MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211(MR5); versión 8.00 y versiones anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2020-16103 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2020-16102
https://notcve.org/view.php?id=CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. Una vulnerabilidad de autenticación inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuración no válida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versión 7.90 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2020-16102 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVE-2020-16104
https://notcve.org/view.php?id=CVE-2020-16104
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. Una vulnerabilidad de inyección SQL en Enterprise Data Interface de Gallagher Command Centre, permite a un atacante remoto con privilegio de "Edit Enterprise Data Interfaces" ejecutar un SQL arbitrario contra una base de datos de terceros si EDI está configurado para importar datos de esta base de datos. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236(MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211 (MR5); versiones 8.00 anteriores a 8.00.1228(MR6); versión 7.90 y versiones anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2020-16104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •