3 matches found
CVE-2021-36202 Metasys UI
Server-Side Request Forgery SSRF vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....
CVE-2021-36202
CVE-2021-36202 describes a Server-Side Request Forgery (SSRF) in Johnson Controls Metasys’ MUI PDF export feature. An authenticated attacker could inject malicious code via this export path. Affected products are Metasys ADS/ADX/OAS versions prior to 10.1.5 and versions prior to 11.0.2. Mitigatio...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...