Design/Logic Flaw

2023-01-1321:15:00

PRIOn knowledge base

www.prio-n.com

johnson controls

metasys

api

credentials

exposure

vulnerability

0.001 Low

EPSS

Percentile

51.0%

JSON

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

CPENameOperatorVersion
metasys_application_and_data_serverge10.0
metasys_application_and_data_serverlt10.1.6
metasys_application_and_data_serverge11.0
metasys_application_and_data_serverlt11.0.3
metasys_extended_application_and_data_serverge10.0
metasys_extended_application_and_data_serverlt10.1.6
metasys_extended_application_and_data_serverge11.0
metasys_extended_application_and_data_serverlt11.0.3
metasys_open_application_serverge10.0
metasys_open_application_serverlt10.1.6

Name	Operator	Version
metasys_application_and_data_server	ge	10.0
metasys_application_and_data_server	lt	10.1.6
metasys_application_and_data_server	ge	11.0
metasys_application_and_data_server	lt	11.0.3
metasys_extended_application_and_data_server	ge	10.0
metasys_extended_application_and_data_server	lt	10.1.6
metasys_extended_application_and_data_server	ge	11.0
metasys_extended_application_and_data_server	lt	11.0.3
metasys_open_application_server	ge	10.0
metasys_open_application_server	lt	10.1.6