CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36204

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.3%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2021-36204

Johnsoncontrols » Metasys Application And Data Server » Version: 10.0

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:10.0
Johnsoncontrols » Metasys Application And Data Server » Version: 10.1

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:10.1
Johnsoncontrols » Metasys Application And Data Server » Version: 10.1.5

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:10.1.5
Johnsoncontrols » Metasys Application And Data Server » Version: 11.0

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:11.0
Johnsoncontrols » Metasys Application And Data Server » Version: 11.0.1

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:11.0.1
Johnsoncontrols » Metasys Application And Data Server » Version: 11.0.2

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:11.0.2
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 10.0

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:10.0
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 10.1

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:10.1
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 10.1.5

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:10.1.5
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 11.0

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:11.0
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 11.0.1

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:11.0.1
Johnsoncontrols » Metasys Extended Application And Data Server » Version: 11.0.2

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:11.0.2
Johnsoncontrols » Metasys Open Application Server » Version: 10.0

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.0
Johnsoncontrols » Metasys Open Application Server » Version: 10.1

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.1
Johnsoncontrols » Metasys Open Application Server » Version: 10.1.5

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.1.5
Johnsoncontrols » Metasys Open Application Server » Version: 11.0

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:11.0
Johnsoncontrols » Metasys Open Application Server » Version: 11.0.1

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:11.0.1
Johnsoncontrols » Metasys Open Application Server » Version: 11.0.2

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:11.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36204

Products

Pricing

Contact Us