CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42407
https://notcve.org/view.php?id=CVE-2024-42407
12 Dec 2024 — Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Trans... • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-42407 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43690
https://notcve.org/view.php?id=CVE-2024-43690
11 Sep 2024 — Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior. Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server a... • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21838
https://notcve.org/view.php?id=CVE-2024-21838
05 Mar 2024 — Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior. La neutralización inadecuada de elementos especiales en la salida (CWE-74) utilizados por la funci... • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21815
https://notcve.org/view.php?id=CVE-2024-21815
05 Mar 2024 — Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior. Las credenciales insuficientemente protegidas (CWE-522) para integraciones de DVR de terceros al Command Center Server son accesibles p... • https://security.gallagher.com/Security-Advisories/CVE-2024-21815 • CWE-522: Insufficiently Protected Credentials •