9.8
CVE-2021-27664
- EPSS 1.5%
- Published 11.10.2021 16:15:07
- Last modified 21.11.2024 05:58:24
- Source productsecurity@jci.com
exacqVision Web Service
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
Data provided by the National Vulnerability Database (NVD)
Johnsoncontrols ≫ Exacqvision Web Service Version <= 20.06.11.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.5% | 0.71 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| productsecurity@jci.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://us-cert.gov/ics/advisories/icsa-21-280-01