Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 | Third Party Advisory US Government Resource |
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf | Product |
Configurations
Configuration 1 (hide)
|
History
18 Jul 2024, 18:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.2 |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 - Third Party Advisory, US Government Resource | |
References | () https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf - Product | |
CPE | cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:* | |
First Time |
Johnsoncontrols
Johnsoncontrols software House C-cure 9000 Siteserver |
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 00:15
Updated : 2024-07-18 18:56
NVD link : CVE-2024-0912
Mitre link : CVE-2024-0912
CVE.ORG link : CVE-2024-0912
JSON object : View
Products Affected
johnsoncontrols
- software_house_c-cure_9000_siteserver
CWE
CWE-532
Insertion of Sensitive Information into Log File