CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23204
https://notcve.org/view.php?id=CVE-2021-23204
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). Una vulnerabilidad de Exposición de Información Confidencial a un Actor No Autorizado en Gallagher Command Centre Server, permite al material clave OSDP ser expuesto a Operadores del Centro de Mando. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3) • https://security.gallagher.com/Security-Advisories/CVE-2021-23204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23182
https://notcve.org/view.php?id=CVE-2021-23182
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. Una vulnerabilidad de Almacenamiento de Texto sin Cifrar de Información Confidencial en la Memoria en Gallagher Command Center Server, permite a las claves maestras de los lectores de OSDP puedan ser detectadas en los volcados de memoria del servidor. Este problema afecta a: Gallagher Command Center versiones 8.40 anteriores a 8.40.1888 (MR3); todas las versiones 8.30 • https://security.gallagher.com/Security-Advisories/CVE-2021-23182 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23136
https://notcve.org/view.php?id=CVE-2021-23136
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una vulnerabilidad de Autorización inapropiada en Gallagher Command Centre Server permite que un Operador del Centro de Comando no privilegiado llevar a cabo anulaciones de macros. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2021-23136 • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-16103
https://notcve.org/view.php?id=CVE-2020-16103
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. Una confusión de tipos en Gallagher Command Center Server, permite a un atacante remoto bloquear el servidor o posiblemente causar una ejecución de código remota. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236 (MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211(MR5); versión 8.00 y versiones anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2020-16103 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.2EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16102
https://notcve.org/view.php?id=CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. Una vulnerabilidad de autenticación inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuración no válida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versión 7.90 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2020-16102 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •