CVE-2020-16104
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.
Una vulnerabilidad de inyección SQL en Enterprise Data Interface de Gallagher Command Centre, permite a un atacante remoto con privilegio de "Edit Enterprise Data Interfaces" ejecutar un SQL arbitrario contra una base de datos de terceros si EDI está configurado para importar datos de esta base de datos. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236(MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211 (MR5); versiones 8.00 anteriores a 8.00.1228(MR6); versión 7.90 y versiones anteriores.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-28 CVE Reserved
- 2020-12-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gallagher.com/Security-Advisories/CVE-2020-16104 | 2020-12-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | < 7.90.0 Search vendor "Gallagher" for product "Command Centre" and version " < 7.90.0" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | >= 8.00 < 8.00.1228 Search vendor "Gallagher" for product "Command Centre" and version " >= 8.00 < 8.00.1228" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | >= 8.10 < 8.10.1211 Search vendor "Gallagher" for product "Command Centre" and version " >= 8.10 < 8.10.1211" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | >= 8.20 < 8.20.1166 Search vendor "Gallagher" for product "Command Centre" and version " >= 8.20 < 8.20.1166" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | >= 8.30 < 8.30.1236 Search vendor "Gallagher" for product "Command Centre" and version " >= 8.30 < 8.30.1236" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.00.1228 Search vendor "Gallagher" for product "Command Centre" and version "8.00.1228" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.00.1228 Search vendor "Gallagher" for product "Command Centre" and version "8.00.1228" | maintenance_release6 |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.10.1211 Search vendor "Gallagher" for product "Command Centre" and version "8.10.1211" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.10.1211 Search vendor "Gallagher" for product "Command Centre" and version "8.10.1211" | maintenance_release5 |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.20.1166 Search vendor "Gallagher" for product "Command Centre" and version "8.20.1166" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.20.1166 Search vendor "Gallagher" for product "Command Centre" and version "8.20.1166" | maintenance_release3 |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.30.1236 Search vendor "Gallagher" for product "Command Centre" and version "8.30.1236" | - |
Affected
| ||||||
| Gallagher Search vendor "Gallagher" | Command Centre Search vendor "Gallagher" for product "Command Centre" | 8.30.1236 Search vendor "Gallagher" for product "Command Centre" and version "8.30.1236" | maintenance_release1 |
Affected
| ||||||