7 matches found
CVE-2025-26385
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...
The vulnerabilities of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) are related to the lack of measures for cleaning incoming data, allowing a perpetrator to execute arbitrary code.
The vulnerabilities of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS are related to the lack of measures for cleaning incoming data. Exploiting these vulnerabilities allows a remote attacker to execute...
The vulnerability of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) lies in the lack of necessary checks during password deletion, allowing attackers to execute arbitrary code.
The vulnerability of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS lies in the lack of necessary checks during password deletion. Exploiting this vulnerability allows a malicious actor to execute arbitrary co...
The vulnerabilities of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) are related to the lack of measures for cleaning incoming data, allowing a perpetrator to execute arbitrary code.
The vulnerabilities of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS are related to the lack of measures for cleaning incoming data. Exploiting these vulnerabilities allows a remote attacker to execute...
Johnson Controls Metasys ADS/ADX/OAS Servers 跨站脚本漏洞
Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A cross-site scripting vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which arises from improper neutralization of input during web page generation...
The vulnerability of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) lies in the incomplete cleanup of session tokens, allowing attackers to obtain session tokens from authenticated users.
The vulnerability of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS is related to incomplete cleaning of session tokens. Exploiting this vulnerability can allow a malicious actor to obtain the session token of...
CVE-2020-9044
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...