CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
22.7%
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.
Vendor | Product | Version | CPE |
---|---|---|---|
johnsoncontrols | metasys_extended_application_and_data_server | 12.0 | cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0:*:*:*:*:*:*:* |
johnsoncontrols | metasys_for_validated_environments | - | cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-:*:*:*:*:*:*:* |