
198 matches found

NVD
added 2023/01/13 9:15 p.m. · 8 views

CVE-2021-36204

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...

7.8 CVSS · 7.6 AI score · 0.00176 EPSS
Exploits 0 · References 2
Prion
added 2023/01/13 9:15 p.m. · 12 views

Design/Logic Flaw

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...

5 CVSS · 7.4 AI score · 0.00176 EPSS
Exploits 0 · References 2 · Affected Software 3
CVE
added 2023/01/13 12:0 a.m. · 44 views

CVE-2021-36204

The CVE-2021-36204 vulnerability affects Johnson Controls Metasys ADS/ADX/OAS Servers: versions 10.x prior to 10.1.6 and 11.x prior to 11.0.3. Root cause is Insufficiently Protected Credentials, allowing API calls to expose plaintext credentials. Impact is high (confidentiality and total impact o...

7.8 CVSS · 7.5 AI score · 0.00176 EPSS
Exploits 0 · References 2 · Affected Software 3
Vulnrichment
added 2023/01/13 12:0 a.m. · 4 views

CVE-2021-36204 Insufficiently Protected Credentials in Metasys

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...

7.8 CVSS · 7.6 AI score · 0.00176 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/01/13 12:0 a.m. · 2 views

PT-2023-12265 · Johnson Controls · Metasys Ads/Adx/Oas

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys ADS/ADX/OAS versions prior to 10.1.6; Johnson Controls Metasys ADS/ADX/OAS versions prior to 11.0.3. Description: An Insufficiently Protected Credentials issue allows API calls to expose credentials in plain text under...

7.8 CVSS · 7.5 AI score · 0.00176 EPSS
Exploits 0 · References 7
CNNVD
added 2023/01/13 12:0 a.m. · 1 views

Johnson Controls Metasys ADS/ADX/OAS Security Vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS version 10 up to and including 10.1.6, and version 11 up to and including 11.0.3, which stems from insufficient...

7.8 CVSS · 7.2 AI score · 0.00176 EPSS
Exploits 0 · References 3
Cvelist
added 2023/01/13 12:0 a.m. · 13 views

CVE-2021-36204 Insufficiently Protected Credentials in Metasys

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...

7.8 CVSS · 7.8 AI score · 0.00176 EPSS
Exploits 0 · References 2
ICS
added 2023/01/12 12:0 a.m. · 29 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Johnson Controls; Equipment: Metasys ADS/ADX/OAS Servers; Vulnerability: Insufficiently Protected Credentials. 2. RISK EVALUATION: Successful exploitation of this vulnerability could result in exposed credentials in plain text...

7.8 CVSS · 7.9 AI score · 0.00176 EPSS
Exploits 0 · References 4
CISA
added 2023/01/12 12:0 a.m. · 14 views

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

0.8 AI score
Exploits 0 · References 12
CNVD
added 2022/10/11 12:0 a.m. · 15 views

Johnson Controls Metasys ADX Server Licensing Issue Vulnerability

Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user ...

8.1 CVSS · 2.9 AI score · 0.00214 EPSS
Exploits 0 · References 1
NVD
added 2022/10/07 6:15 p.m. · 8 views

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

8.1 CVSS · 0.00214 EPSS
Exploits 0 · References 2
Prion
added 2022/10/07 6:15 p.m. · 12 views

Code injection

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

4 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/10/07 5:39 p.m. · 12 views

CVE-2022-21936 Metasys MVE

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

8.1 CVSS · 8.4 AI score · 0.00214 EPSS
Exploits 0 · References 2
CVE
added 2022/10/07 5:39 p.m. · 58 views

CVE-2022-21936

CVE-2022-21936 affects Johnson Controls Metasys ADX Server version 12.0 running MVE. The vulnerability is improper authentication, enabling an Active Directory user to execute validated actions without a valid password via the MVE SMP UI. Public impact details indicate remote exploitation with lo...

8.1 CVSS · 7 AI score · 0.00214 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/10/07 12:0 a.m. · 3 views

PT-2022-15192 · Johnson Controls · Metasys Adx Server

Name of the Vulnerable Software and Affected Versions: Metasys ADX Server version 12.0. Description: The issue allows an Active Directory user to execute validated actions without providing a valid password when using MVE SMP UI. Recommendations: For Metasys ADX Server version 12.0, consider...

8.1 CVSS · 7 AI score · 0.00214 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/10/04 6:52 p.m. · 4 views

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

8.1 CVSS · 6.7 AI score · 0.00214 EPSS
Exploits 0 · References 3
ICS
added 2022/10/04 12:0 a.m. · 25 views

Johnson Controls Metasys ADX Server

1. EXECUTIVE SUMMARY: CVSS v3 8.1; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Johnson Controls Inc.; Equipment: Metasys ADX (Extended Application and Data Server) Server running MVE (Metasys for Validated Environments); Vulnerability: Improper Authentication. 2. RISK EVALUATION...

8.1 CVSS · 7.3 AI score · 0.00214 EPSS
Exploits 0 · References 5
CNNVD
added 2022/10/04 12:0 a.m. · 1 views

Johnson Controls Metasys ADX Authorization Issue Vulnerability

Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user ...

8.1 CVSS · 6.7 AI score · 0.00214 EPSS
Exploits 0 · References 4
NVD
added 2022/07/22 3:15 p.m. · 9 views

CVE-2021-36200

Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

5.3 CVSS · 0.00277 EPSS
Exploits 0 · References 2
OSV
added 2022/07/22 3:15 p.m. · 2 views

CVE-2021-36200

Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2