CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23205
https://notcve.org/view.php?id=CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una Codificación o Escape inapropiados en Gallagher Command Centre Server, permiten a un Operador de Command Centre alterar la configuración de los Controladores y otros elementos de hardware más allá de sus privilegios. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2021-23205 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23211
https://notcve.org/view.php?id=CVE-2021-23211
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). Una vulnerabilidad de Almacenamiento en Texto sin Cifrar de Información Confidencial en la Memoria en Gallagher Command Centre Server, permite a la clave de cifrado de Cloud de extremo a extremo ser detectada en los volcados de memoria del servidor. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3) • https://security.gallagher.com/Security-Advisories/CVE-2021-23211 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23136
https://notcve.org/view.php?id=CVE-2021-23136
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. Una vulnerabilidad de Autorización inapropiada en Gallagher Command Centre Server permite que un Operador del Centro de Comando no privilegiado llevar a cabo anulaciones de macros. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2021-23136 • CWE-285: Improper Authorization •