The vulnerabilities of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) are related to the lack of measures for cleaning incoming data, allowing a perpetrator to execute arbitrary code.

The vulnerabilities of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS are related to the lack of measures for cleaning incoming data. Exploiting these vulnerabilities allows a remote attacker to execute...

CVE-2020-9044

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...