HIGH🇬🇧 English

CVE-2022-21935

CVSS 7.5v3.1pub. 2022-06-15upd. 2024-11-21

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Johnsoncontrols Metasys Application And Data Server

    APP
    Johnsoncontrols
    11.011.0.110.0 – 10.1.5
  • Johnsoncontrols Metasys Extended Application And Data Server

    APP
    Johnsoncontrols
    11.011.0.110.0 – 10.1.5
  • Johnsoncontrols Metasys Open Application Server

    APP
    Johnsoncontrols
    11.011.0.110.0 – 10.1.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-36204HIGH7.8ten sam produkt

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS...

CVE-2022-21936HIGH8.1ten sam produkt

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions witho...

CVE-2022-21938HIGH8.1ten sam produkt

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys AD...

CVE-2022-21937HIGH8.7ten sam produkt

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys AD...

CVE-2022-21934HIGH8.0ten sam produkt

Under certain circumstances an authenticated user could lock other users out of the system or take over their ...

CVE-2022-21935 — HIGH 7.5 | CVEbaza.pl