4 matches found
PT-2023-12265 · Johnson Controls · Metasys Ads/Adx/Oas
Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys ADS/ADX/OAS versions prior to 10.1.6 Johnson Controls Metasys ADS/ADX/OAS versions prior to 11.0.3 Description: An Insufficiently Protected Credentials issue allows API calls to expose credentials in plain text under...
Code injection
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...
Johnson Controls Metasys ADS, ADX, OAS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Code injection
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...