Vulnerabilities > Johnsoncontrols > Metasys Extended Application AND Data Server > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-15 | CVE-2021-36205 | Incomplete Cleanup vulnerability in Johnsoncontrols products Under certain circumstances the session token is not cleared on logout. | 9.8 |
2020-03-10 | CVE-2020-9044 | XXE vulnerability in Johnsoncontrols products XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. | 9.1 |