exploitDog

GHSA-4h8x-xvqq-f78f

Опубликовано: 13 янв. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

Ссылки

EPSS

Процентиль: 39%

0.00176

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-522

Связанные уязвимости

CVE-2021-36204

CVSS3: 7.8

nvd

около 3 лет назад

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

EPSS

Процентиль: 39%

0.00176

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-522