CVE-2021-36201

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:johnsoncontrols:c-cure_9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:c-cure_9000:-:*:*:*:*:*:*:*

History

14 Oct 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-11 21:15

Updated : 2024-02-04 22:51


NVD link : CVE-2021-36201

Mitre link : CVE-2021-36201

CVE.ORG link : CVE-2021-36201


JSON object : View

Products Affected

johnsoncontrols

  • c-cure_9000
  • c-cure_9000_firmware
CWE
CWE-203

Observable Discrepancy

CWE-204

Observable Response Discrepancy