Gallagher Command Centre 8.10.1211
Approved changes feed: RSS · Atom
cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*
part: a version: 8.10.1211 update: -
| Vendor | Gallagher (1a83fbe6-3e6e-58bd-a69d-5a0946535413) |
|---|---|
| Product | Command Centre (08024ced-e26e-56a2-b7c3-eb8925b0e80b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-16104 |
vulnerable | 2026-06-03 14:41:47.167387 |
Details available
HIGH (8.2)
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.
Published: 2020-12-14T19:23:30.000Z
Updated: 2024-08-04T13:37:54.203Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-16103 |
vulnerable | 2026-06-03 14:41:47.163480 |
Details available
HIGH (8.8)
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
Published: 2020-12-14T19:34:42.000Z
Updated: 2024-08-04T13:37:53.487Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-16101 |
vulnerable | 2026-06-03 14:41:47.156838 |
Details available
HIGH (7.5)
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
Published: 2020-09-15T13:25:28.000Z
Updated: 2024-08-04T13:37:53.251Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-16100 |
vulnerable | 2026-06-03 14:41:47.156429 |
Details available
HIGH (7.5)
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
Published: 2020-09-15T13:21:59.000Z
Updated: 2024-08-04T13:37:53.246Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-16098 |
vulnerable | 2026-06-03 14:41:47.153976 |
Details available
CRITICAL (9.8)
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
Published: 2020-09-15T13:22:55.000Z
Updated: 2024-08-04T13:37:53.575Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-16097 |
vulnerable | 2026-06-03 14:41:47.152972 |
Details available
HIGH (7.3)
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.
Published: 2020-09-15T13:19:56.000Z
Updated: 2024-08-04T13:37:54.194Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.