Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-0912
HistoryJun 06, 2024 - 12:15 a.m.

CVE-2024-0912

2024-06-0600:15:09
CWE-532
[email protected]
web.nvd.nist.gov
28
microsoft
iis
logging
security
issue
c•cure 9000
web server
windows credential
nvd

8.5 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Software House C•CURE 9000",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "2.90",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
vulnrichment 1
ics 1
nvd 1
cvelist
cvelist
CVE-2024-0912 CCURE passwords exposed to administrators
2024-06-05 23:23:24
vulnrichment
vulnrichment
CVE-2024-0912 CCURE passwords exposed to administrators
2024-06-05 23:23:24
ics
ics
Johnson Controls Software House C-CURE 9000
2024-05-14 12:00:00
nvd
nvd
CVE-2024-0912
2024-06-06 00:15:09

8.5 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for CVE-2024-0912
cvelist1vulnrichment1ics1nvd1