Johnsoncontrols: >> Exacqvision Web Service >> 20.06.11.0 Security Vulnerabilities
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-08-01
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-08-01
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
CVSS Score
6.4
EPSS Score
0.0
Published
2024-08-01
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
CVSS Score
6.8
EPSS Score
0.001
Published
2024-08-01
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-10-11
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-06-24
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-03-18