4 matches found
CVE-2021-36202
Server-Side Request Forgery SSRF vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....
CVE-2021-36202 Metasys UI
Server-Side Request Forgery SSRF vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...