Lucene search
JciCVELIST:CVE-2021-36207HistoryApr 29, 2022 - 4:39 p.m.
CVE-2021-36207 Metasys privilege management
2022-04-2916:39:14
CWE-269
jci
www.cve.org
2
cve-2021-36207
metasys
privilege management
ads
adx
oas
servers
authentication
elevation
administrator
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
42.8%
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
CNA Affected
[
{
"product": "Metasys ADS/ADX/OAS server",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "10.1.5",
"status": "affected",
"version": "All 10 versions",
"versionType": "custom"
},
{
"lessThan": "11.0.2",
"status": "affected",
"version": "All 11 versions",
"versionType": "custom"
}
]
}
]Related
prion
prion
Input validation
2022-04-29 17:15:00
ics
ics
Johnson Controls Metasys
2022-04-28 12:00:00
nvd
nvd
CVE-2021-36207
2022-04-29 17:15:19
cve
cve
CVE-2021-36207
2022-04-29 17:15:19
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
42.8%
Related for CVELIST:CVE-2021-36207