Vulnerabilities > Johnsoncontrols > Metasys Open Application Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-22 | CVE-2021-36200 | Missing Authentication for Critical Function vulnerability in Johnsoncontrols products Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users. | 5.3 |
2022-06-15 | CVE-2022-21938 | Cross-site Scripting vulnerability in Johnsoncontrols products Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | 5.4 |
2022-06-15 | CVE-2022-21937 | Cross-site Scripting vulnerability in Johnsoncontrols products Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | 5.4 |