Metasys Extended Application And Data Server Security Vulnerabilities and Issues — Metasys Extended Application And Data Server CVE List

Lucene search

JohnsoncontrolsMetasys Extended Application And Data Server

9 matches found

CVE•added 2022/07/22 3:15 p.m.•1394 views

CVE-2021-36200

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.

5.3CVSS5.3AI score0.00286EPSS

CVE•added 2022/04/07 8:15 p.m.•87 views

CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0....

8.8CVSS8.6AI score0.0019EPSS

CVE•added 2022/06/15 8:15 p.m.•84 views

CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

7.5CVSS7.7AI score0.00185EPSS

CVE•added 2022/04/29 5:15 p.m.•81 views

CVE-2021-36207

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.

8.8CVSS8.7AI score0.00158EPSS

CVE•added 2022/04/15 5:15 p.m.•71 views

CVE-2021-36205

Under certain circumstances the session token is not cleared on logout.

9.8CVSS9.1AI score0.00275EPSS

CVE•added 2022/05/06 4:15 p.m.•69 views

CVE-2022-21934

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.

8.8CVSS8.2AI score0.0019EPSS

CVE•added 2022/06/15 8:15 p.m.•63 views

CVE-2022-21937

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.

8.7CVSS6.3AI score0.00541EPSS

CVE•added 2022/06/15 9:15 p.m.•60 views

CVE-2022-21938

8.1CVSS6.3AI score0.0035EPSS

CVE•added 2022/10/07 6:15 p.m.•51 views

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

8.1CVSS7AI score0.00131EPSS