125 matches found
CVE-2024-32758 exacqVision - Key exchanges
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange...
CVE-2024-32758
CVE-2024-32758 affects Johnson Controls exacqVision client/server communications, where under certain conditions the key exchange uses insufficient length. Affected: exacqVision Client and Server (all versions). Root cause: inadequate encryption strength leading to potential decryption of traffic...
CVE-2024-32931
Summary of CVE-2024-32931 : Johnson Controls exacqVision Web Service (versions up to 24.03) may expose authentication token details in communications, via use of GET requests with sensitive query strings. The issue has a CVSS v3.1 base score of 5.7 (Network, Low complexity, Privileges Low, User I...
CVE-2024-32931 exacqVison - Token Disclosed in URL
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...
CVE-2024-32931 exacqVison - Token Disclosed in URL
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...
CVE-2024-32864
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
CVE-2024-32864
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
CVE-2024-32863
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...
CVE-2024-32863
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...
CVE-2024-32865 exacqVison - TLS certificate validation
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices...
CVE-2024-32865 exacqVison - TLS certificate validation
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices...
CVE-2024-32864 exacqVison - HTTPS Session Establishment
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
CVE-2024-32864 exacqVison - HTTPS Session Establishment
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
CVE-2024-32864
Summary: CVE-2024-32864 affects Johnson Controls exacqVision Web Service prior to version 24.06, where HTTPS is not enforced under certain conditions, enabling potential exposure of sensitive information via cleartext transmission (CWE-319). The vulnerability affects exacqVision Web Service versi...
CVE-2024-32863
Johnson Controls exacqVision Web Service is affected up to version 24.03 by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2024-32863). The issue allows performing state-changing operations with administrative privileges and has CVSSv3.1 base score 6.8 (vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H...
CVE-2024-32863 exacqVison - CSRF issues with Web Service
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Web Service Vulnerability : Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Johnson Controls exacqVision Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Server Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Johnson Controls exacqVision client and exacqVision server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...