Vulnerabilities in Gallagher

67 results
CVE-2023-22439 | LOW | EPSS 0.5% | Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) ca
CVE-2023-22363 | MEDIUM | EPSS 0.5% | Access Zone stack overflow
CVE-2023-23584 | MEDIUM | EPSS 0.5% | An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence o
CVE-2023-24584 | HIGH | EPSS 0.5% | Controller 6000 buffer overflow via upload feature in web interface
CVE-2021-23155 | CRITICAL | EPSS 0.5% | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Ce
CVE-2021-23162 | HIGH | EPSS 0.4% | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command C
CVE-2021-23167 | HIGH | EPSS 0.4% | Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Comm
CVE-2023-6355 | MEDIUM | EPSS 0.4% | Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local
CVE-2024-21815 | CRITICAL | EPSS 0.3% | Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticate
CVE-2024-24972 | MEDIUM | EPSS 0.3% | Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorise
CVE-2023-41967 | LOW | EPSS 0.3% | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of
CVE-2024-42407 | HIGH | EPSS 0.3% | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenti
CVE-2025-47699 | CRITICAL | EPSS 0.3% | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an auth
CVE-2020-16097 | HIGH | EPSS 0.3% | On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed
CVE-2024-22387 | MEDIUM | EPSS 0.3% | External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticate
CVE-2024-21838 | MEDIUM | EPSS 0.3% | Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead
CVE-2023-22428 | HIGH | EPSS 0.3% | Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Comma
CVE-2024-41146 | MEDIUM | EPSS 0.3% | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker w
CVE-2023-23576 | MEDIUM | EPSS 0.3% | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than inte
CVE-2023-23568 | MEDIUM | EPSS 0.3% | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.