Vulnerabilities > Johnsoncontrols
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2022-21934 | Improper Authentication vulnerability in Johnsoncontrols products Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. | 6.0 |
| 2022-04-29 | CVE-2021-36207 | Improper Privilege Management vulnerability in Johnsoncontrols products Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | 8.5 |
| 2022-04-22 | CVE-2021-36203 | Server-Side Request Forgery (SSRF) vulnerability in Johnsoncontrols Metasys System Configuration Tool The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | 6.4 |
| 2022-04-15 | CVE-2021-36205 | Incomplete Cleanup vulnerability in Johnsoncontrols products Under certain circumstances the session token is not cleared on logout. | 6.8 |
| 2022-04-13 | CVE-2022-26643 | Unspecified vulnerability in Johnsoncontrols Easyio CPT Graphics 0.8 An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. | 5.0 |
| 2022-04-07 | CVE-2021-36202 | Server-Side Request Forgery (SSRF) vulnerability in Johnsoncontrols products Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. | 6.5 |
| 2022-01-14 | CVE-2021-36199 | Unspecified vulnerability in Johnsoncontrols Videoedge 5.4.1/5.7.1 Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | 5.0 |
| 2021-12-06 | CVE-2021-36198 | Exposure of Resource to Wrong Sphere vulnerability in Johnsoncontrols Kantech Entrapass Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | 5.0 |
| 2021-10-11 | CVE-2021-27664 | Improper Privilege Management vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0 Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | 6.8 |
| 2021-10-11 | CVE-2021-27665 | Integer Overflow or Wraparound vulnerability in Johnsoncontrols Exacqvision Server 21.06.11.0 An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. | 5.0 |