CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-36206

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile30.07th
Published2022年10月28日
Last Modified2024年11月21日

Vulnerability Description

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

Affected Platforms (CPE)

📦
Johnsoncontrols

Cevas

< 1.01.46

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
🔗 https://www.johnsoncontrols.com/cyber-solutions/security-advisories
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
🔗 https://www.johnsoncontrols.com/cyber-solutions/security-advisories

関連する脆弱性情報

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...