CVE-2021-36206
The CVE-2021-36206 issue affects Johnson Controls CEVAS (all CEVAS versions before 1.01.46). The root cause is insufficient validation of user-controllable input, enabling an attacker to bypass authentication and retrieve data via specially crafted SQL queries. Public sources consistently describ...