Johnson Controls Exacqvision Web Service vulnerabilities
3 known vulnerabilities affecting johnson_controls/exacqvision_web_service.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-27664P2CRITICALCVSS 9.8≥ 21.06.11.0, ≤ 21.06.11.02021-10-11
CVE-2021-27664 [CRITICAL] CWE-269 CVE-2021-27664: Under certain configurations an unauthenticated remote user could be given access to credentials sto
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
nvd
CVE-2021-27665P3HIGHCVSS 7.5≥ 21.06.11.0, ≤ 21.06.11.02021-10-11
CVE-2021-27665 [HIGH] CWE-190 CVE-2021-27665: An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVisi
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
nvd
CVE-2021-27659P4MEDIUMCVSS 6.1≥ All versions up to and including 21.03, ≤ 21.032021-06-24
CVE-2021-27659 [MEDIUM] CWE-79 CVE-2021-27659: exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-con
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
nvd