Johnsoncontrols

Metasys Application And Data Server

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.5

CVE-2025-26385

  • EPSS 0.25%
  • Veröffentlicht 30.01.2026 11:05:16
  • Zuletzt bearbeitet 04.02.2026 16:34:21

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects ...

7.5

CVE-2021-36204

  • EPSS 0.18%
  • Veröffentlicht 13.01.2023 21:15:15
  • Zuletzt bearbeitet 21.11.2024 06:13:18

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

5.3

CVE-2021-36200

  • EPSS 0.28%
  • Veröffentlicht 22.07.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:18

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.

5.4

CVE-2022-21938

  • EPSS 0.35%
  • Veröffentlicht 15.06.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:45:44

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.

7.5

CVE-2022-21935

  • EPSS 0.25%
  • Veröffentlicht 15.06.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:45:44

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

5.4

CVE-2022-21937

  • EPSS 0.54%
  • Veröffentlicht 15.06.2022 20:15:17
  • Zuletzt bearbeitet 21.11.2024 06:45:44

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.

8.8

CVE-2022-21934

  • EPSS 0.25%
  • Veröffentlicht 06.05.2022 16:15:14
  • Zuletzt bearbeitet 21.11.2024 06:45:44

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.

8.8

CVE-2021-36207

  • EPSS 0.16%
  • Veröffentlicht 29.04.2022 17:15:19
  • Zuletzt bearbeitet 21.11.2024 06:13:19

Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.

9.8

CVE-2021-36205

  • EPSS 0.28%
  • Veröffentlicht 15.04.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:18

Under certain circumstances the session token is not cleared on logout.

8.8

CVE-2021-36202

  • EPSS 0.19%
  • Veröffentlicht 07.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:13:18

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior t...