Vulnerabilities > Johnsoncontrols > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-08 | CVE-2020-9048 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. | 8.1 |
| 2020-06-26 | CVE-2020-9047 | Improper Verification of Cryptographic Signature vulnerability in Johnsoncontrols products A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. | 7.2 |
| 2020-05-26 | CVE-2020-9046 | Improper Privilege Management vulnerability in Johnsoncontrols Kantech Entrapass 8.22 A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | 7.8 |
| 2019-07-19 | CVE-2019-7590 | Unquoted Search Path or Element vulnerability in Johnsoncontrols Exacqvision Server 9.6/9.8 ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. | 7.8 |