Lucene search
+L

125 matches found

Vulnrichment
Vulnrichment
added 2024/08/01 9:50 p.m.18 views

CVE-2024-32758 exacqVision - Key exchanges

Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange...

9CVSS7AI score0.00438EPSS
Exploits0References2
CVE
CVE
added 2024/08/01 9:50 p.m.60 views

CVE-2024-32758

CVE-2024-32758 affects Johnson Controls exacqVision client/server communications, where under certain conditions the key exchange uses insufficient length. Affected: exacqVision Client and Server (all versions). Root cause: inadequate encryption strength leading to potential decryption of traffic...

9CVSS6.6AI score0.00438EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/08/01 9:18 p.m.62 views

CVE-2024-32931

Summary of CVE-2024-32931 : Johnson Controls exacqVision Web Service (versions up to 24.03) may expose authentication token details in communications, via use of GET requests with sensitive query strings. The issue has a CVSS v3.1 base score of 5.7 (Network, Low complexity, Privileges Low, User I...

5.7CVSS5.8AI score0.00376EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/01 9:18 p.m.31 views

CVE-2024-32931 exacqVison - Token Disclosed in URL

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...

5.7CVSS0.00376EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/01 9:18 p.m.16 views

CVE-2024-32931 exacqVison - Token Disclosed in URL

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...

5.7CVSS7.2AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2024/08/01 9:15 p.m.4 views

CVE-2024-32864

Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...

8.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2024/08/01 9:15 p.m.28 views

CVE-2024-32864

Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...

8.1CVSS0.00222EPSS
Exploits0References2
OSV
OSV
added 2024/08/01 9:15 p.m.4 views

CVE-2024-32863

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...

8.8CVSS5.8AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2024/08/01 9:15 p.m.18 views

CVE-2024-32863

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...

8.8CVSS0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/01 9:13 p.m.48 views

CVE-2024-32865 exacqVison - TLS certificate validation

Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices...

6.4CVSS0.00131EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/01 9:13 p.m.22 views

CVE-2024-32865 exacqVison - TLS certificate validation

Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices...

6.4CVSS7AI score0.00131EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/01 9:8 p.m.25 views

CVE-2024-32864 exacqVison - HTTPS Session Establishment

Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...

6.4CVSS0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/01 9:8 p.m.17 views

CVE-2024-32864 exacqVison - HTTPS Session Establishment

Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...

6.4CVSS7.2AI score0.00222EPSS
Exploits0References2
CVE
CVE
added 2024/08/01 9:8 p.m.80 views

CVE-2024-32864

Summary: CVE-2024-32864 affects Johnson Controls exacqVision Web Service prior to version 24.06, where HTTPS is not enforced under certain conditions, enabling potential exposure of sensitive information via cleartext transmission (CWE-319). The vulnerability affects exacqVision Web Service versi...

8.1CVSS6.5AI score0.00222EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/08/01 8:59 p.m.58 views

CVE-2024-32863

Johnson Controls exacqVision Web Service is affected up to version 24.03 by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2024-32863). The issue allows performing state-changing operations with administrative privileges and has CVSSv3.1 base score 6.8 (vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H...

8.8CVSS6.7AI score0.00204EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/01 8:59 p.m.28 views

CVE-2024-32863 exacqVison - CSRF issues with Web Service

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery CSRF...

6.8CVSS7AI score0.00204EPSS
Exploits0References2
ICS
ICS
added 2024/08/01 6:0 a.m.26 views

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Web Service Vulnerability : Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could...

5.7CVSS6.7AI score0.00376EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.38 views

Johnson Controls exacqVision Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Server Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a...

7.3CVSS6.8AI score0.00131EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.17 views

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

8.1CVSS7.4AI score0.00222EPSS
Exploits0References10
ICS
ICS
added 2024/08/01 6:0 a.m.17 views

Johnson Controls exacqVision client and exacqVision server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

9CVSS7.6AI score0.00438EPSS
Exploits0References10
Rows per page
Query Builder