Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
johnsoncontrols metasys application and data server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions before 10.1.6 and 11 versions before 11.0.3 allows API calls to expose credentials in plain text.
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Open Application Server
5.3
CVSSv3
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions before 10.1.6 and 11 versions before 11.0.2 and enumerate users.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Application And Data Server
5.4
CVSSv3
CVE-2022-21938
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions before 10.1.5 and Metasys ADS/ADX/OAS 11 versions before 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Open Application Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0
Johnsoncontrols Metasys Extended Application And Data Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0.1
Johnsoncontrols Metasys Extended Application And Data Server 11.0.1
Johnsoncontrols Metasys Open Application Server 11.0.1
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
7.5
CVSSv3
CVE-2022-21935
A vulnerability in Metasys ADS/ADX/OAS 10 versions before 10.1.5 and Metasys ADS/ADX/OAS 11 versions before 11.0.2 allows unverified password change.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Open Application Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0
Johnsoncontrols Metasys Extended Application And Data Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0.1
Johnsoncontrols Metasys Extended Application And Data Server 11.0.1
Johnsoncontrols Metasys Open Application Server 11.0.1
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
5.4
CVSSv3
CVE-2022-21937
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions before 10.1.5 and Metasys ADS/ADX/OAS 11 versions before 11.0.2 could allow a user to inject malicious code into the web interface.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Open Application Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0
Johnsoncontrols Metasys Extended Application And Data Server 11.0
Johnsoncontrols Metasys Application And Data Server 11.0.1
Johnsoncontrols Metasys Extended Application And Data Server 11.0.1
Johnsoncontrols Metasys Open Application Server 11.0.1
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
8.8
CVSSv3
CVE-2022-21934
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions before 10.1.5 and Metasys ADS/ADX/OAS server 11 versions before 11.0.2.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Application And Data Server
8.8
CVSSv3
CVE-2021-36207
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
Johnsoncontrols Metasys Open Application Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Application And Data Server
9.8
CVSSv3
CVE-2021-36205
Under certain circumstances the session token is not cleared on logout.
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Open Application Server
8.8
CVSSv3
CVE-2021-36202
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated malicious user to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions before 10.1.5; All 11 versions ...
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Open Application Server
9.1
CVSSv3
CVE-2020-9044
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys E...
Johnsoncontrols Metasys Application And Data Server
Johnsoncontrols Metasys Extended Application And Data Server
Johnsoncontrols Metasys Lonworks Control Server
Johnsoncontrols Metasys Open Application Server 10.1
Johnsoncontrols Metasys Open Data Server
Johnsoncontrols Metasys System Configuration Tool
Johnsoncontrols Nae55 Firmware 9.0.1
Johnsoncontrols Nae55 Firmware 9.0.2
Johnsoncontrols Nae55 Firmware 9.0.3
Johnsoncontrols Nae55 Firmware 9.0.5
Johnsoncontrols Nae55 Firmware 9.0.6
Johnsoncontrols Nie55 Firmware 9.0.1
Johnsoncontrols Nie55 Firmware 9.0.2
Johnsoncontrols Nie55 Firmware 9.0.3
Johnsoncontrols Nie55 Firmware 9.0.5
Johnsoncontrols Nie55 Firmware 9.0.6
Johnsoncontrols Nie59 Firmware 9.0.1
Johnsoncontrols Nie59 Firmware 9.0.2
Johnsoncontrols Nie59 Firmware 9.0.3
Johnsoncontrols Nie59 Firmware 9.0.5
Johnsoncontrols Nie59 Firmware 9.0.6
Johnsoncontrols Nae85 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started