NotCVE - vendor:"Johnsoncontrols" product:"Exacqvision Web Service"

4 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27664 – exacqVision Web Service

https://notcve.org/view.php?id=CVE-2021-27664

11 Oct 2021 — Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. Bajo determinadas configuraciones, un usuario remoto no autenticado podría tener acceso a las credenciales almacenadas en el servidor de exacqVision • https://us-cert.gov/ics/advisories/icsa-21-280-01 • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27659 – exacqVision Web Service CSS

https://notcve.org/view.php?id=CVE-2021-27659

24 Jun 2021 — exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. exacqVision Web Service versión 21.03 no combrueba, filtra, escapa y/o codifica suficientemente la entrada controlable por el usuario antes de colocarla en la salida que se utiliza como página web que es servida a otros usuarios • https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27656 – exacqVision Web Services - Information Exposure

https://notcve.org/view.php?id=CVE-2021-27656

18 Mar 2021 — A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. Una vulnerabilidad en el servicio web exacqVision versiones 20.12.2.0 y anteriores, podría permitir a un atacante no autenticado visualizar información a nivel del sistema sobre el servicio web exacqVision y el sistema operativo • https://us-cert.cisa.gov/ics/advisories/icsa-21-077-01 • CWE-862: Missing Authorization •

CVSS: 9.0EPSS: 7%CPEs: 2EXPL: 1

CVE-2020-9047 – exacqVision Software - Improper Verification of Cryptographic Signature

https://notcve.org/view.php?id=CVE-2020-9047

26 Jun 2020 — A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. Se presenta una vulnerabilidad que podría permitir una ejecución de código no autorizado o comandos del Sistema Opera... • https://github.com/norrismw/CVE-2020-9047 • CWE-347: Improper Verification of Cryptographic Signature •