CVE-2021-36204
EUVD-2021-2282513.01.2023, 21:15
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_application_and_data_server | 10.0 ≤ 𝑥 < 10.1.6 |
| johnsoncontrols | metasys_application_and_data_server | 11.0 ≤ 𝑥 < 11.0.3 |
| johnsoncontrols | metasys_extended_application_and_data_server | 10.0 ≤ 𝑥 < 10.1.6 |
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0 ≤ 𝑥 < 11.0.3 |
| johnsoncontrols | metasys_open_application_server | 10.0 ≤ 𝑥 < 10.1.6 |
| johnsoncontrols | metasys_open_application_server | 11.0 ≤ 𝑥 < 11.0.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration