12.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-07	CVE-2022-21936	Improper Authentication vulnerability in Johnsoncontrols Metasys Extended Application and Data Server 12.0 On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. network low complexity johnsoncontrols CWE-287	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.