CVE-2024-32862
EUVD-2024-3064801.08.2024, 22:15
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_web_service | 𝑥 ≤ 24.03 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| johnsoncontrols | exacqvision_web_service | 𝑥 ≤ 24.03 | ADP |
Common Weakness Enumeration
- CWE-942 - Permissive Cross-domain Policy with Untrusted DomainsThe software uses a cross-domain policy file that includes domains that should not be trusted.
- CWE-697 - Incorrect ComparisonThe software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.