Описание
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.0 (включая)
cpe:2.3:a:johnsoncontrols:metasys:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-269
CWE-269
Связанные уязвимости
github
больше 3 лет назад
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
EPSS
Процентиль: 52%
0.00286
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-269
CWE-269