Metasys Application And Data Server Security Vulnerabilities and Issues — Metasys Application And Data Server CVE List

Lucene search

JohnsoncontrolsMetasys Application And Data Server

3 matches found

CVE•added 2022/04/07 8:15 p.m.•87 views

CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....

8.8CVSS8.6AI score0.0019EPSS

CVE•added 2022/04/29 5:15 p.m.•81 views

CVE-2021-36207

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.

8.8CVSS8.7AI score0.00158EPSS

CVE•added 2022/04/15 5:15 p.m.•71 views

CVE-2021-36205

Under certain circumstances the session token is not cleared on logout.

9.8CVSS9.1AI score0.00275EPSS