3 matches found
CVE-2021-36207
CVE-2021-36207 affects Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, where improper privilege management could allow an authenticated user to elevate to administrator. Technical details across sources confirm the vulnerability lies in privilege handling for these servers, with ...
CVE-2021-36207 Metasys privilege management
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: I mproper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...