Описание
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.2 (исключая)Версия до 8.0 (включая)
Одно из
cpe:2.3:a:johnsoncontrols:bcpro:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.0013
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-209
CWE-388
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
EPSS
Процентиль: 33%
0.0013
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-209
CWE-388