Lucene search

JciCVE-2024-32862

HistoryAug 01, 2024 - 10:15 p.m.

CVE-2024-32862

2024-08-0122:15:24

CWE-697

CWE-942

jci

web.nvd.nist.gov

exacqvision

web services

untrusted domains

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

39.5%

JSON

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.

Affected configurations

Nvd

Node

johnsoncontrolsexacqvision_web_serviceRange≤24.03

VendorProductVersionCPE
johnsoncontrolsexacqvision_web_service*cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	exacqvision_web_service	*	cpe:2.3:a:johnsoncontrols:exacqvision_web_service::::::::

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "exacqVision",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "24.03",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-02

www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2024-32862