CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

198 matches found

Prion•added 2022/07/22 3:15 p.m.•10 views

Code injection

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

5CVSS5.3AI score0.00277EPSS

Exploits0References2Affected Software3

Cvelist•added 2022/07/22 2:55 p.m.•15 views

CVE-2021-36200 Metasys ADS/ADX/OAS with MUI

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

5.3CVSS5.7AI score0.00277EPSS

Exploits0References2

CVE•added 2022/07/22 2:55 p.m.•1401 views

CVE-2021-36200

CVE-2021-36200 affects Johnson Controls Metasys ADS/ADX/OAS with MUI, specifically versions 10 and 11. The vulnerability is missing authentication for a critical function, allowing an unauthenticated user to access the Metasys web API and enumerate users. CVSS v3 base score is 5.3 (AV:N/AC:L/PR:N...

5.3CVSS5.3AI score0.00277EPSS

Exploits0References2Affected Software3

CNNVD•added 2022/07/21 12:0 a.m.•1 views

Johnson Controls Metasys ADS/ADX/OAS Servers 访问控制错误漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. An access control error vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS versions 10 and 11, which stems from the fact that under certain circumstances, an unauthenticated user c...

5.3CVSS5.7AI score0.00277EPSS

Exploits0References6

ICS•added 2022/07/21 12:0 a.m.•51 views

Johnson Controls Metasys ADS, ADX, OAS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

5.3CVSS5.7AI score0.00277EPSS

Exploits0References5

NVD•added 2022/06/15 9:15 p.m.•8 views

CVE-2022-21938

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface...

8.1CVSS0.0035EPSS

Exploits0References2

OSV•added 2022/06/15 9:15 p.m.•0 views

CVE-2022-21938

5.4CVSS5.8AI score

Exploits0References2

Prion•added 2022/06/15 9:15 p.m.•11 views

Code injection

3.5CVSS6.5AI score0.0035EPSS

Exploits0References2Affected Software3

CVE•added 2022/06/15 8:15 p.m.•68 views

CVE-2022-21938

CVE-2022-21938 concerns cross-site scripting in Johnson Controls Metasys ADS/ADX/OAS Servers (MUI Graphics web interface). Affected: Metasys ADS/ADX/OAS 10.x before 10.1.5 and 11.x before 11.0.2, due to improper neutralization of input during web page generation (MUI Graphics). Impact per sources...

8.1CVSS6.3AI score0.0035EPSS

Exploits0References2Affected Software3

Cvelist•added 2022/06/15 8:15 p.m.•11 views

CVE-2022-21938 Metasys MUI Graphics XSS

8.1CVSS8.2AI score0.0035EPSS

Exploits0References2

NVD•added 2022/06/15 8:15 p.m.•8 views

CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

7.5CVSS0.00247EPSS

Exploits0References2

OSV•added 2022/06/15 8:15 p.m.•0 views

CVE-2022-21937

5.4CVSS5.8AI score

Exploits0References2

OSV•added 2022/06/15 8:15 p.m.•1 views

CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

7.5CVSS5.8AI score

Exploits0References2

NVD•added 2022/06/15 8:15 p.m.•10 views

CVE-2022-21937

8.7CVSS0.00541EPSS

Exploits0References2

Prion•added 2022/06/15 8:15 p.m.•9 views

Code injection

2.1CVSS6AI score0.00541EPSS

Exploits0References2Affected Software3

Prion•added 2022/06/15 8:15 p.m.•12 views

Default credentials

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

5CVSS7.5AI score0.00247EPSS

Exploits0References2Affected Software3

Cvelist•added 2022/06/15 7:57 p.m.•13 views

CVE-2022-21935 Metasys password guessing

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

7.5CVSS7.7AI score0.00247EPSS

Exploits0References2

CVE•added 2022/06/15 7:57 p.m.•93 views

CVE-2022-21935

CVE-2022-21935 affects Johnson Controls Metasys ADS/ADX/OAS Servers version 10 prior to 10.1.5 and version 11 prior to 11.0.2, with an unverified password change vulnerability (CWE-620). The NVD/NIST entry assigns CVSSv3.1 base score 7.5 (HIGH) and CVSSv2 base 7.5, both indicating high impact on ...

7.5CVSS7.7AI score0.00247EPSS

Exploits0References2Affected Software3

Cvelist•added 2022/06/15 7:37 p.m.•11 views

CVE-2022-21937 Metasys CSS

8.7CVSS8.7AI score0.00541EPSS

Exploits0References2

CVE•added 2022/06/15 7:37 p.m.•69 views

CVE-2022-21937

CVE-2022-21937 affects Johnson Controls Metasys ADS/ADX/OAS Servers (versions 10 prior to 10.1.5 and 11 prior to 11.0.2). The issue is an improper neutralization of input during web page generation (cross-site scripting), enabling injection and storage of malicious code into the web interface. Th...

8.7CVSS6.3AI score0.00541EPSS

Exploits0References2Affected Software3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by