CVE-2021-36201

Опубликовано: 11 окт. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 5.3

EPSS Низкий

Описание

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-03
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-03
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:johnsoncontrols:c-cure_9000_firmware:*:*:*:*:*:*:*:*

Версия до 2.90 (включая)

cpe:2.3:h:johnsoncontrols:c-cure_9000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00122

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203

Связанные уязвимости

GHSA-r78m-94wm-v7cv

CVSS3: 5.3

github

больше 2 лет назад

Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000 version 2.90 and prior versions. This issue affects: C•CURE 9000 2.90 and earlier version 2.90 and prior versions.

EPSS

Процентиль: 32%

0.00122

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203