CVE-2021-36203 Johnson Controls Metasys SCT Pro

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request...

Johnson Controls Metasys SCT Pro

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to...