Gallagher Command Centre

37 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-21838
<= 8.60
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server c
6.8 MEDIUM
CVE-2024-21815
<= 8.60
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to aut
9.1 CRITICAL
CVE-2023-46686
>= 9.00 and < 9.00.1507
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command
5.5 MEDIUM
CVE-2023-23584
<= 8.50
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the p
4.3 MEDIUM
CVE-2023-23576
<= 8.50
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer
4.3 MEDIUM
CVE-2023-23570
<= 8.80
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration
5.4 MEDIUM
CVE-2023-22439
<= 8.50
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (
3.1 LOW
CVE-2023-23568
<= 8.40.2216
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Dat
4.3 MEDIUM
CVE-2023-25074
<= 8.40.2216
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies
7.1 HIGH
CVE-2023-22363
>= 8.80 and < 8.80.1192
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning ca
6.5 MEDIUM
CVE-2023-22428
<= 8.40.2216
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affe
7.6 HIGH
CVE-2022-26348
<= 8.20
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Regi
8.2 HIGH
CVE-2021-23197
>= 8.50 and < 8.50.2048
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as t
5.2 MEDIUM
CVE-2021-23193
<= 8.10
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged
8.1 HIGH
CVE-2021-23167
<= 8.20
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information fro
8.1 HIGH
CVE-2021-23146
<= 8.00
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verificat
7.1 HIGH
CVE-2021-23230
<= 8.00
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Opera
9.9 CRITICAL
CVE-2021-23211
>= 8.40 and < 8.40.1888
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encr
6.0 MEDIUM
CVE-2021-23205
<= 8.10
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Co
8.1 HIGH
CVE-2021-23204
>= 8.30 and < 8.30.1359
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key materi
8.1 HIGH
CVE-2021-23182
>= 8.30 and < 8.40.1888
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master ke
6.0 MEDIUM
CVE-2021-23140
<= 8.10
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthoris
9.9 CRITICAL
CVE-2021-23136
<= 8.10
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged
6.5 MEDIUM
CVE-2020-16104
< 7.90.0
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterpris
8.2 HIGH
CVE-2020-16103
<= 8.00
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execu
8.8 HIGH
CVE-2020-16102
< 7.90.0
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items
7.1 HIGH
CVE-2020-16101
>= 8.00 and < 8.00.1228
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds
7.5 HIGH
CVE-2020-16100
>= 8.00 and < 8.00.1228
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread
7.5 HIGH
CVE-2020-16099
>= 8.20 and < 8.20.1093
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via thing
4.3 MEDIUM
CVE-2020-16098
>= 8.00 and < 8.00.1228
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command
9.8 CRITICAL
CVE-2020-16097
>= 7.90 and < 7.90.1038
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (di
7.3 HIGH
CVE-2020-16096
>= 7.80 and < 7.80.960
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80
9.9 CRITICAL
CVE-2020-7215
< 7.80
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.113
5.5 MEDIUM
CVE-2019-19802
< 7.70
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5),
6.5 MEDIUM
CVE-2019-19801
< 7.70
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.9
5.5 MEDIUM
CVE-2019-15294
>= 8.10 and < 8.10.1092
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in
9.8 CRITICAL
CVE-2019-12492
< 7.80.939
Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and inf
6.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin