VYPR

Command Centre Server

by Gallagher

CVEs (50)

  • CVE-2019-19801MedJan 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command…

  • CVE-2023-23570MedDec 18, 2023
    risk 0.35cvss 5.4epss 0.01

    Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

  • CVE-2021-23197MedNov 18, 2021
    risk 0.34cvss 5.2epss 0.00

    Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

  • CVE-2023-23584MedDec 18, 2023
    risk 0.28cvss 4.3epss 0.01

    An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior…

  • CVE-2023-23576MedDec 18, 2023
    risk 0.28cvss 4.3epss 0.00

    Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior…

  • CVE-2023-23568MedJul 25, 2023
    risk 0.28cvss 4.3epss 0.00

    Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to …

  • CVE-2020-16099MedSep 15, 2020
    risk 0.28cvss 4.3epss 0.01

    In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.

  • CVE-2024-23194LowJul 11, 2024
    risk 0.21cvss 3.3epss 0.00

    Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

  • CVE-2025-64734LowNov 18, 2025
    risk 0.16cvss 2.4epss 0.00

    Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command…

  • CVE-2026-20757Mar 3, 2026
    risk 0.00cvss epss 0.00

    Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382…

Page 3 of 3