CVE-2018-10624 – Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information

https://notcve.org/view.php?id=CVE-2018-10624

01 Aug 2018 — In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. En Johnson Controls Metasys System en versiones 8.0 y anteriores y BCPro (BCM) en todas las versiones anteriores a la 3.0.2, esta vulnerabilidad resulta de un manejo de errores incorrecto en las comunicaciones HTTP con el servidor, lo que podrí... • http://www.securityfocus.com/bid/104937 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-388: 7PK - Errors •