Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user to perform an authenticated action without providing a valid password when using the MVE SMP UI.