Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:LGallagher Command Centre
APPGallagher≤ 8.608.70 – 8.70.2526 (bez)8.80 – 8.80.1526 (bez)8.90 – 8.90.1751 (bez)9.00 – 9.00.1774 (bez)
Related vulnerabilities
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in...
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to...
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom s...