Shodan
Vulnerabilities
Vulnerable Software
Johnsoncontrols:  Security Vulnerabilities
CVE-2021-36206
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
CVSS Score
10.0
EPSS Score
0.001
Published
2022-10-28
CVE-2021-36201
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-10-11
CVE-2022-21936
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-10-07
CVE-2022-21941
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
CVSS Score
10.0
EPSS Score
0.027
Published
2022-08-31
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-07-22
CVE-2022-21938
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-06-15
CVE-2022-21935
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-15
CVE-2022-21937
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.
CVSS Score
8.7
EPSS Score
0.005
Published
2022-06-15
CVE-2022-21934
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-05-06
CVE-2021-36207
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved