Vulnerabilities > Johnsoncontrols > Metasys Extended Application AND Data Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2021-36205 Incomplete Cleanup vulnerability in Johnsoncontrols products
Under certain circumstances the session token is not cleared on logout.
network
low complexity
johnsoncontrols CWE-459
critical
9.8
2020-03-10 CVE-2020-9044 XXE vulnerability in Johnsoncontrols products
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files.
network
low complexity
johnsoncontrols CWE-611
critical
9.1