PT-2018-10013 · Johnson Controls · Bcpro+1

Dan Regalado

Publicado

2018-08-01

Atualizado

2024-09-17

CVE-2018-10624

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys System versions 8.0 and prior BCPro (BCM) versions prior to 3.0.2

Description This issue results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

Recommendations For Johnson Controls Metasys System versions 8.0 and prior, update to a version later than 8.0 to resolve the issue. For BCPro (BCM) versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue.

Correção

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-388CWE-209

Identificadores relacionados

CVE-2018-10624

Produtos afetados

Bcpro

Johnson Controls Metasys System

PT-2018-10013 · Johnson Controls · Bcpro+1

CVE-2018-10624

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6