Lucene search

[email protected]NVD:CVE-2024-32931

HistoryAug 01, 2024 - 10:15 p.m.

CVE-2024-32931

2024-08-0122:15:25

CWE-598

[email protected]

web.nvd.nist.gov

exacqvision

web service

authentication token

communications

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.7%

JSON

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.

Affected configurations

Nvd

Node

johnsoncontrolsexacqvision_web_serviceRange≤24.03

VendorProductVersionCPE
johnsoncontrolsexacqvision_web_service*cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	exacqvision_web_service	*	cpe:2.3:a:johnsoncontrols:exacqvision_web_service::::::::

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-06

www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.7%

JSON

Related for NVD:CVE-2024-32931

ics1 cvelist1 vulnrichment1 cve1 nessus1