Lucene search
HistoryJan 13, 2023 - 9:15 p.m.
CVE-2021-36204
johnson controls
metasys
credentials
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
51.0%
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
Affected configurations
Node
johnsoncontrolsmetasys_application_and_data_serverRange10.0–10.1.6
ORjohnsoncontrolsmetasys_application_and_data_serverRange11.0–11.0.3
ORjohnsoncontrolsmetasys_extended_application_and_data_serverRange10.0–10.1.6
ORjohnsoncontrolsmetasys_extended_application_and_data_serverRange11.0–11.0.3
ORjohnsoncontrolsmetasys_open_application_serverRange10.0–10.1.6
ORjohnsoncontrolsmetasys_open_application_serverRange11.0–11.0.3
Related
prion
prion
Design/Logic Flaw
2023-01-13 21:15:00
cve
cve
CVE-2021-36204
2023-01-13 21:15:15
ics
ics
Johnson Controls Metasys
2023-01-12 12:00:00
cvelist
cvelist
CVE-2021-36204 Insufficiently Protected Credentials in Metasys
2023-01-13 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
51.0%
Related for NVD:CVE-2021-36204