VYPR
Vendor: Gallagher

Products: 13
CVEs: 72
Across products: 81
Status: Private

Recent CVEs

  • CVE-2025-47699, Critical, Oct 23, 2025
    risk 0.64, CVSS 9.9, EPSS 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre…

  • CVE-2021-23230, Critical, Jun 11, 2021
    risk 0.64, CVSS 9.9, EPSS 0.01

    A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions…

  • CVE-2021-23140, Critical, Jun 11, 2021
    risk 0.64, CVSS 9.9, EPSS 0.01

    Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359…

  • CVE-2020-16098, Critical, Sep 15, 2020
    risk 0.64, CVSS 9.8, EPSS 0.01

    It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90…

  • CVE-2020-16096, Critical, Sep 15, 2020
    risk 0.64, CVSS 9.9, EPSS 0.01

    In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is)…

  • CVE-2019-15294, Critical, Aug 28, 2019
    risk 0.64, CVSS 9.8, EPSS 0.01

    An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the…

  • CVE-2024-21815, Critical, Mar 5, 2024
    risk 0.59, CVSS 9.1, EPSS 0.00

    Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751…

  • CVE-2021-23155, Critical, Nov 18, 2021
    risk 0.59, CVSS 9.0, EPSS 0.00

    Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior…

  • CVE-2024-41724, High, Mar 10, 2025
    risk 0.57, CVSS 8.7, EPSS 0.00

    Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.

  • CVE-2020-16103, High, Dec 14, 2020
    risk 0.57, CVSS 8.8, EPSS 0.02

    Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior…

  • CVE-2024-42407, High, Dec 12, 2024
    risk 0.55, CVSS 8.5, EPSS 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre…

  • CVE-2026-25193, High, May 25, 2026
    risk 0.53, CVSS 8.1, EPSS 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network…

  • CVE-2022-26348, High, Jul 6, 2022
    risk 0.53, CVSS 8.2, EPSS 0.00

    Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has…

  • CVE-2021-23193, High, Nov 18, 2021
    risk 0.53, CVSS 8.1, EPSS 0.01

    Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to…

  • CVE-2021-23167, High, Nov 18, 2021
    risk 0.53, CVSS 8.1, EPSS 0.00

    Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063…

  • CVE-2021-23205, High, Jun 11, 2021
    risk 0.53, CVSS 8.1, EPSS 0.01

    Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30…

  • CVE-2021-23204, High, Jun 11, 2021
    risk 0.53, CVSS 8.1, EPSS 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions…

  • CVE-2020-16104, High, Dec 14, 2020
    risk 0.53, CVSS 8.2, EPSS 0.01

    SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This…

  • CVE-2024-43690, High, Sep 11, 2024
    risk 0.52, CVSS 8.0, EPSS 0.01

    Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530…

  • CVE-2021-23162, High, Nov 18, 2021
    risk 0.50, CVSS 7.7, EPSS 0.00

    Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior…
