Vulnerabilities > Johnsoncontrols > Exacqvision WEB Service > 20.06.11.0

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-32862 Incorrect Comparison vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
network
low complexity
johnsoncontrols CWE-697
8.1
8.1
2024-08-01 CVE-2024-32931 Unspecified vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
network
low complexity
johnsoncontrols
5.7
5.7
2024-08-01 CVE-2024-32863 Cross-Site Request Forgery (CSRF) vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
network
low complexity
johnsoncontrols CWE-352
8.8
8.8
2024-08-01 CVE-2024-32864 Cleartext Transmission of Sensitive Information vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
network
low complexity
johnsoncontrols CWE-319
8.1
8.1
2021-10-11 CVE-2021-27664 Improper Privilege Management vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
network
low complexity
johnsoncontrols CWE-269
critical
 9.8
9.8
2021-06-24 CVE-2021-27659 Cross-site Scripting vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
network
low complexity
johnsoncontrols CWE-79
6.1
6.1
2021-03-18 CVE-2021-27656 Missing Authorization vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
network
low complexity
johnsoncontrols CWE-862
7.5
7.5