Vulnerabilities > Johnsoncontrols > Metasys System Configuration Tool > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-22 | CVE-2021-36203 | Server-Side Request Forgery (SSRF) vulnerability in Johnsoncontrols Metasys System Configuration Tool The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | 9.1 |
2020-03-10 | CVE-2020-9044 | XXE vulnerability in Johnsoncontrols products XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. | 9.1 |