CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2022/06/14 7:41 p.m.•3 views

CVE-2022-21938

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface...

8.1CVSS6.2AI score0.0035EPSS

ATTACKERKB•added 2022/06/14 7:41 p.m.•2 views

CVE-2022-21937

8.7CVSS6.2AI score0.00541EPSS

CNNVD•added 2022/06/14 12:0 a.m.•1 views

Johnson Controls Metasys ADS/ADX/OAS Servers 跨站脚本漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A cross-site scripting vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which arises from improper neutralization of input during web page generation...

8.1CVSS5.6AI score0.0035EPSS

CNNVD•added 2022/06/14 12:0 a.m.•1 views

Johnson Controls Metasys ADS/ADX/OAS Servers 跨站脚本漏洞

8.7CVSS5.6AI score0.00541EPSS

CNNVD•added 2022/06/14 12:0 a.m.•1 views

Johnson Controls Metasys ADS/ADX/OAS Servers 授权问题漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which stems from an unauthenticated password change, and can be exploited by an attacker t...

7.5CVSS7.3AI score0.00247EPSS

OSV•added 2022/05/06 4:15 p.m.•0 views

CVE-2022-21934

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...

8.8CVSS5.8AI score0.00254EPSS

NVD•added 2022/05/06 4:15 p.m.•6 views

CVE-2022-21934

8.8CVSS0.00254EPSS

Prion•added 2022/05/06 4:15 p.m.•9 views

Code injection

6CVSS8.5AI score0.00254EPSS

CVE•added 2022/05/06 3:55 p.m.•75 views

CVE-2022-21934

Vulnerability CVE-2022-21934 affects Johnson Controls Metasys ADS/ADX/OAS Servers (Versions 10 before 10.1.5 and 11 before 11.0.2). Root cause: unverified password change enabling an authenticated user to lock other users out or take over accounts. Impacts include high-severity risk to confidenti...

8.8CVSS8.2AI score0.00254EPSS

Cvelist•added 2022/05/06 3:55 p.m.•9 views

CVE-2022-21934 Metasys Unverified Password Change

8CVSS8.7AI score0.00254EPSS

ATTACKERKB•added 2022/05/05 7:36 p.m.•3 views

CVE-2022-21934

8.8CVSS7.3AI score0.00254EPSS

ICS•added 2022/05/05 12:0 a.m.•36 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user...

8.8CVSS8.5AI score0.00254EPSS

CNNVD•added 2022/05/05 12:0 a.m.•1 views

Johnson Controls Metasys ADS/ADX/OAS servers 授权问题漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability in Johnson Controls Metasys ADS/ADX/OAS servers Series 10 versions prior to 10.1.5 and Series 11 versions prior to 11.0.1 can be exploited by an attacker to allow an...

8.8CVSS7.9AI score0.00254EPSS

Exploits0References4

NVD•added 2022/04/29 5:15 p.m.•8 views

CVE-2021-36207

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...

8.8CVSS0.00158EPSS

OSV•added 2022/04/29 5:15 p.m.•1 views

CVE-2021-36207

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...

8.8CVSS7.3AI score0.00158EPSS

Prion•added 2022/04/29 5:15 p.m.•14 views

Input validation

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...

8.5CVSS8.5AI score0.00158EPSS

Cvelist•added 2022/04/29 4:39 p.m.•13 views

CVE-2021-36207 Metasys privilege management

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...

8.8CVSS8.8AI score0.00158EPSS

CVE•added 2022/04/29 4:39 p.m.•89 views

CVE-2021-36207

CVE-2021-36207 affects Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, where improper privilege management could allow an authenticated user to elevate to administrator. Technical details across sources confirm the vulnerability lies in privilege handling for these servers, with ...

8.8CVSS8.7AI score0.00158EPSS