CVE-2024-0912

Опубликовано: 06 июн. 2024

Источник: nvd

CVSS3: 4.2

EPSS Низкий

Описание

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf
Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.0005

Низкий

4.2 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

GHSA-8p78-mrgj-hw73