Shodan
Vulnerabilities
Vulnerable Software
Johnsoncontrols:  >> Metasys Open Application Server  >> 10.1.5  Security Vulnerabilities
CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-01-13
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-07-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved