PT-2022-15192 · Johnson Controls · Metasys Adx Server
Published
2022-10-07
·
Updated
2022-10-13
·
CVE-2022-21936
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Metasys ADX Server version 12.0
Description
The issue allows an Active Directory user to execute validated actions without providing a valid password when using MVE SMP UI.
Recommendations
For Metasys ADX Server version 12.0, consider restricting access to the MVE SMP UI until a fix is available. As a temporary workaround, review and limit the validated actions that can be executed by Active Directory users to minimize potential impact.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Metasys Adx Server