PT-2024-5518 · Unknown · Exacqvision Web Service

🗓️ 01 Aug 2024 00:00:00Reported by Positive TechnologiesType

ExacqVision Web Services mishandles the Origin header in Cross Origin Sharing, enabling remote cross-site scripting.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the CORS (Cross-Origin Resource Sharing) mechanism in the exacqVision Web Service web interface of the exacqVision surveillance system allows attackers to circumvent security restrictions and execute cross-origin attacks.	12 Aug 202400:00	–	bdu_fstec
CVE	CVE-2024-32862	1 Aug 202421:57	–	cve
Cvelist	CVE-2024-32862 exacqVision CORS	1 Aug 202421:57	–	cvelist
EUVD	EUVD-2024-30648	3 Oct 202520:07	–	euvd
Tenable Nessus	Johnson Controls exacqVision Web Service < 24.06 Multiple Vulnerabilities	9 Aug 202400:00	–	nessus
ICS	Johnson Controls exacqVision Server web service	1 Aug 202406:00	–	ics
NVD	CVE-2024-32862	1 Aug 202422:15	–	nvd
OSV	CVE-2024-32862	1 Aug 202422:15	–	osv
Vulnrichment	CVE-2024-32862 exacqVision CORS	1 Aug 202421:57	–	vulnrichment

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-32862
bdu	www.bdu.fstec.ru/vul/2024-06167
johnsoncontrols	www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
t	www.t.me/cvenotify/88370
johnsoncontrols	www.johnsoncontrols.com/-/media/project/jci-global/johnson-controls/us-region/united-states-johnson-controls/cyber-solutions/security-advisories/documents/jci-psa-2024-15.pdf
vuldb	www.vuldb.com/
tenable	www.tenable.com/cve/CVE-2024-32862
t	www.t.me/cvenotify/90045
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-214-02
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024080241

09 Aug 2024 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 27.1

CVSS 3.16.8 - 8.1

EPSS0.00268

SSVC