What is the severity of CVE-2022-26348?

CVE-2022-26348 has been classified with a moderate severity due to the potential for SQL injection attacks.

How do I fix CVE-2022-26348?

To fix CVE-2022-26348, upgrade to a version of Gallagher Command Centre that is above 8.20 or implement appropriate security measures to mitigate SQL injection.

What are the effects of CVE-2022-26348?

CVE-2022-26348 allows an attacker to execute arbitrary SQL queries on the Command Centre Server, compromising data integrity.

Which versions of Gallagher Command Centre are affected by CVE-2022-26348?

CVE-2022-26348 affects Gallagher Command Centre versions up to and including 8.20, and specific versions ranging from 8.30 to 8.60.

Who is at risk from CVE-2022-26348?

Organizations using affected versions of the Gallagher Command Centre software are at risk from CVE-2022-26348 if they utilize the Visitor Management Kiosk.

Vulnerability/
CVE-2022-26348

high

8.2

CWE

6/7/2022

3/8/2024

CVE-2022-26348: SQL Injection

First published: Wed Jul 06 2022(Updated: )

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

Credit: disclosures@gallagher.com

Affected Software	Affected Version	How to fix
Gallagher Command Centre	<=8.20
Gallagher Command Centre	>=8.30<8.30.1470
Gallagher Command Centre	>=8.40<8.40.2216
Gallagher Command Centre	>=8.50<8.50.2245
Gallagher Command Centre	>=8.60<8.60.1652

Never miss a vulnerability like this again

Reference Links

https://security.gallagher.com/Security-Advisories/CVE-2022-26348

Frequently Asked Questions

What is the severity of CVE-2022-26348?
CVE-2022-26348 has been classified with a moderate severity due to the potential for SQL injection attacks.
How do I fix CVE-2022-26348?
To fix CVE-2022-26348, upgrade to a version of Gallagher Command Centre that is above 8.20 or implement appropriate security measures to mitigate SQL injection.
What are the effects of CVE-2022-26348?
CVE-2022-26348 allows an attacker to execute arbitrary SQL queries on the Command Centre Server, compromising data integrity.
Which versions of Gallagher Command Centre are affected by CVE-2022-26348?
CVE-2022-26348 affects Gallagher Command Centre versions up to and including 8.20, and specific versions ranging from 8.30 to 8.60.
Who is at risk from CVE-2022-26348?
Organizations using affected versions of the Gallagher Command Centre software are at risk from CVE-2022-26348 if they utilize the Visitor Management Kiosk.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/tags
agent/description
agent/event
agent/first-publish-date
agent/source
vendor/gallagher
canonical/gallagher command centre
version/gallagher command centre/8.20
version/gallagher command centre/8.30
version/gallagher command centre/8.40
version/gallagher command centre/8.50
version/gallagher command centre/8.60

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.