CVE-2020-16104

Name of the Vulnerable Software and Affected Versions Gallagher Command Centre versions prior to 8.30.1236(MR1) Gallagher Command Centre versions prior to 8.20.1166(MR3) Gallagher Command Centre versions prior to 8.10.1211(MR5) Gallagher Command Centre versions prior to 8.00.1228(MR6) Gallagher Command Centre version 7.90 and prior versions

Description A SQL Injection issue in the Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third-party database if EDI is configured to import data from this database.

Recommendations For versions prior to 8.30.1236(MR1), update to version 8.30.1236(MR1) or later. For versions prior to 8.20.1166(MR3), update to version 8.20.1166(MR3) or later. For versions prior to 8.10.1211(MR5), update to version 8.10.1211(MR5) or later. For versions prior to 8.00.1228(MR6), update to version 8.00.1228(MR6) or later. For version 7.90 and prior versions, update to a version later than 7.90.