CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Positive Technologies•added 2026/01/30 12:0 a.m.•4 views

PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...

9.5CVSS5.9AI score0.00231EPSS

Exploits0References10

NVD•added 2022/09/06 6:15 p.m.•8 views

CVE-2022-23683

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete...

7.2CVSS0.01684EPSS

Exploits0References1

Prion•added 2022/09/06 6:15 p.m.•12 views

Command injection

5.8CVSS7.7AI score0.01684EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/09/06 5:18 p.m.•13 views

CVE-2022-23683

8AI score0.01684EPSS

Exploits0References1

CVE•added 2022/09/06 5:18 p.m.•50 views

CVE-2022-23683

CVE-2022-23683 describes authenticated command‑injection vulnerabilities in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation allows executing arbitrary commands as a privileged user on the underlying OS, potentially achieving complete compromise of switches running Aru...

7.2CVSS7.7AI score0.01684EPSS

Exploits0References1Affected Software1

CVE•added 2022/03/02 9:38 p.m.•75 views

CVE-2021-41001

An authenticated remote code execution vulnerability exists in Aruba AOS-CX Network Analytics Engine (NAE) across Aruba CX 6200F, 6300, 6400, 8320, 8325, 8400, and CX 8360 series. Affected versions are listed as AOS-CX 10.07.xxxx (≤10.07.0050), 10.08.xxxx (≤10.08.1030), and 10.09.xxxx (≤10.09.000...

9CVSS8.9AI score0.05606EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/03/02 9:38 p.m.•14 views

CVE-2021-41001

An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine NAE in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch...

9.2AI score0.05606EPSS

Exploits0References1

ICS•added 2020/03/10 12:0 a.m.•48 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...

9.1CVSS8.4AI score0.00269EPSS

Exploits0References5

CVE•added 2019/08/20 6:24 p.m.•46 views

CVE-2019-7594

Metasys ADS/ADX servers and NAE/NIE/NCE engines before version 9.0 use a hardcoded RC2 key for Site Management Portal (SMP) encryption. This flaw can allow an attacker with access to the key to decrypt captured network traffic between the Metasys components and the SMP client. Affected products a...

9.1CVSS8AI score0.00111EPSS

Exploits0References2Affected Software1

CVE•added 2019/08/20 6:22 p.m.•51 views

CVE-2019-7593

Metasys ADS/ADX servers and NAE/NIE/NCE engines prior to version 9.0 use a shared RSA key pair for certain Site Management Portal (SMP) encryption, allowing an attacker with access to the key to decrypt captured traffic between the Metasys components and the SMP client. CVE-2019-7593 is authentic...

9.1CVSS8AI score0.00111EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2019/08/14 12:0 a.m.•28 views

Johnson Controls MS-NAE3514-2 Metasys NAE Controller

Binary data 764906.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•17 views

Johnson Controls MS-NAE3520-2 Metasys NAE Controller

Binary data 764905.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•16 views

Johnson Controls MS-NAE4510-2 Metasys NAE Controller

Binary data 764903.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•20 views

Johnson Controls MS-NAE4520-2 Metasys NAE Controller

Binary data 764902.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•12 views

Johnson Controls MS-NAE5511-3E Metasys NAE Controller

Binary data 764900.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•8 views

Johnson Controls MS-NAE5521-3E Metasys NAE Controller

Binary data 764897.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•14 views

Johnson Controls MS-NAE3524-2 Metasys NAE Controller

Binary data 764904.prm...

7.3AI score

Exploits0

Tenable Nessus•added 2019/08/14 12:0 a.m.•8 views

Johnson Controls MS-NAE5520-3E Metasys NAE Controller

Binary data 764899.prm...

7.3AI score

Exploits0

Cvelist•added 2019/02/12 8:0 p.m.•10 views

CVE-2019-1688 Cisco Network Assurance Engine CLI Access with Default Password Vulnerability

A vulnerability in the management web interface of Cisco Network Assurance Engine NAE could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service DoS condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...

7.7CVSS7AI score0.00229EPSS

Exploits0References2

CVE•added 2019/02/12 8:0 p.m.•43 views

CVE-2019-1688

CVE-2019-1688 affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The issue is a fault in the password management system that can let an unauthenticated, local attacker gain unauthorized access or cause a DoS by authenticating with the default administrator password via the CLI. Impact i...

7.7CVSS7.2AI score0.00229EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by