Vulners
Lucene search
CVE-2020-9044 Metasys Improper Restriction of XML External Entity Reference
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Johnson Controls Metasys XML External Entity Injection Vulnerability | 11 Mar 202000:00 | – | cnvd |
 | CVE-2020-9044 | 10 Mar 202019:28 | – | cve |
 | EUVD-2020-29873 | 7 Oct 202500:30 | – | euvd |
 | Johnson Controls Metasys | 10 Mar 202000:00 | – | ics |
 | CVE-2020-9044 | 10 Mar 202020:15 | – | nvd |
 | CVE-2020-9044 | 10 Mar 202020:15 | – | osv |
 | Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference | 10 Aug 202100:00 | – | nessus |
| Johnson Controls Metasys Improper Restriction of XML External Entity Reference (CVE-2020-9044) | 7 Feb 202200:00 | – | nessus |
 | Xxe | 10 Mar 202020:15 | – | prion |
 | CVE-2020-9044 | 5 Feb 202515:05 | – | redhatcve |
10
[
{
"product": "Metasys Application and Data Server (ADS, ADS-Lite)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 10.1 and prior"
}
]
},
{
"product": "Metasys Extended Application and Data Server (ADX)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 10.1 and prior"
}
]
},
{
"product": "Metasys Open Data Server (ODS)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 10.1 and prior"
}
]
},
{
"product": "Metasys Open Application Server (OAS)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "version 10.1"
}
]
},
{
"product": "Metasys Network Automation Engine (NAE55 only)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 9.0.1"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
},
{
"product": "Metasys Network Integration Engine (NIE55/NIE59)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 9.0.1"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
},
{
"product": "Metasys NAE85 and NIE85",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 10.1 and prior"
}
]
},
{
"product": "Metasys LonWorks Control Server (LCS)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 10.1 and prior"
}
]
},
{
"product": "Metasys System Configuration Tool (SCT)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "versions 13.2 and prior"
}
]
},
{
"product": "Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed)",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "version 8.1"
}
]
}
]| Source | Link |
|---|---|
| us-cert | www.us-cert.gov/ics/advisories/icsa-20-070-05 |
| johnsoncontrols | www.johnsoncontrols.com/cyber-solutions/security-advisories |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Mar 2020 19:28Current
9.2High risk
Vulners AI Score9.2
CVSS 3.17.5
EPSS0.00269