CVE-2021-36203

Опубликовано: 22 апр. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:-:*:*:*

Версия до 14.2.2 (исключая)

cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:pro:*:*:*

Версия до 14.2.2 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

5.3 Medium

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-67j2-4r5v-f48w

CVSS3: 9.1

github

почти 4 года назад

A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2.

EPSS

Процентиль: 38%

0.00168

Низкий

5.3 Medium

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918