Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HJohnsoncontrols Metasys Application And Data Server
APPJohnsoncontrols10.0 – 10.1.6 (bez)11.0 – 11.0.3 (bez)Johnsoncontrols Metasys Extended Application And Data Server
APPJohnsoncontrols10.0 – 10.1.6 (bez)11.0 – 11.0.3 (bez)Johnsoncontrols Metasys Open Application Server
APPJohnsoncontrols10.0 – 10.1.6 (bez)11.0 – 11.0.3 (bez)
Related vulnerabilities
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions witho...
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior t...
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys AD...
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys AD...
Under certain circumstances an authenticated user could lock other users out of the system or take over their ...