CyberSec.Space Logo
Back to CVE Browser

CVE-2021-36206

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile30.07th
PublishedOct 28, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

Affected Platforms (CPE)

πŸ“¦
Johnsoncontrols

Cevas

< 1.01.46

References & Advisories

πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
πŸ”— https://www.johnsoncontrols.com/cyber-solutions/security-advisories
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
πŸ”— https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Related Vulnerabilities

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124210.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-a...