
CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Dec 2021 — Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. • https://us-cert.gov/ics/advisories/ICSA-21-336-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 May 2020 — A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. • https://www.johnsoncontrols.com/cyber-solutions/security-advisories • CWE-269: Improper Privilege Management • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Mar 2020 — A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. • https://www.johnsoncontrols.com/cyber-solutions/security-advisories • CWE-20: Improper Input Validation