Vulnerability Details CVE-2021-27658
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02
- https://us-cert.gov/ics/advisories
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
- https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02
- https://us-cert.gov/ics/advisories
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Products affected by CVE-2021-27658
-
cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:-
-
cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:20.06.4.0
-
cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:20.12