Gallagher is committed to ensuring that we provide safe, secure and robust products to our customers. As technology changes and evolves, both our internal and third party penetration testers are constantly testing our products to find vulnerabilities.
Vulnerabilities identified as critical are resolved promptly in all affected, supported versions* of Command Centre and a new version of Command Centre (a maintenance release) will be developed to address the vulnerability. Maintenance releases for a specific version of Command Centre are available to all licensed customers regardless of the customers Software Maintenance status with Gallagher.
Customers and Channel Partners will be advised of any maintenance releases through a Security Advisory.
Security Advisories will be;
- Emailed to customers and channel partners (where we have their email address)
- Advised on our Support Site
- Advised on our website
Security Advisories will contain details of;
- The severity (based on CVSS score system v3.1)
- CVE identification number
- Components affected (e.g. servers, workstations, controllers)
- Versions of software that are affected
- Any mitigations
- Who the vulnerability was reported by
- Whether we are aware of it being actively exploited
- A description of the vulnerability
- Which versions maintenance releases are available for
*supported versions include the current version and the three previous versions of Command Centre
Current Security Advisories
- CVE-2019-12492 | Critical | 6th June 2019