Johnsoncontrols : Security Vulnerabilities, CVEs, (XSS)

CVE-2022-21938

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
Max CVSS
8.1
EPSS Score
0.05%
Published
2022-06-15
Updated
2022-06-24

CVE-2022-21937

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.
Max CVSS
8.7
EPSS Score
0.05%
Published
2022-06-15
Updated
2022-06-24

CVE-2021-36206

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
Max CVSS
10.0
EPSS Score
0.09%
Published
2022-10-28
Updated
2022-11-01

CVE-2021-27659

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-06-24
Updated
2021-09-20

CVE-2021-27658

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-06-24
Updated
2021-09-20
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close