CVE-2021-36200

{"id": "CVE-2021-36200", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-07-22T15:15:07.910", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["Vendor Advisory"], "source": "productsecurity@jci.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users."}, {"lang": "es", "value": "Bajo determinadas circunstancias, un usuario no autenticado podr\u00eda acceder a la API web para las versiones de Metasys ADS/ADX/OAS versiones 10 anteriores a 10.1.6 y 11 anteriores a 11.0.2 y enumerar usuarios"}], "lastModified": "2022-07-29T19:10:25.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7580CF-9B2D-441F-9F87-2D3AA0972F65", "versionEndExcluding": "10.1.6", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA242516-72AD-4835-BE94-662CECD1DF78", "versionEndExcluding": "11.0.2", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C3A978D-692C-4023-8A2E-B1F28B57763B", "versionEndExcluding": "10.1.6", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02A5890-8965-4CB6-B009-9C741D4D97F4", "versionEndExcluding": "11.0.2", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_open_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA185C2A-D5DE-4346-A409-0C457D72848D", "versionEndExcluding": "10.1.6", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_open_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B43D40-5D24-4011-B5E3-676EF38C2751", "versionEndExcluding": "11.0.2", "versionStartIncluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "productsecurity@jci.com"}