2 matches found
CVE-2021-27657 Metasys Improper Privilege Management
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls...
CVE-2021-27657
The CVE-2021-27657 issue affects Johnson Controls Metasys, with versions 11.0 and earlier vulnerable to improper privilege management. The root cause is insufficient privilege checks, allowing an authenticated Metasys user to access or modify server files via crafted web messages. Impact is high ...