PT-2023-17421 · Johnson Controls · Openblue Enterprise Manager Data Collector

Rushank Shetty

·

Published

2023-05-18

·

Updated

2023-05-25

·

CVE-2023-2025

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75
Description The issue may expose sensitive information to an unauthorized user under certain circumstances.
Recommendations For versions prior to 3.2.5.75, update to version 3.2.5.75 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-200

Related Identifiers

CVE-2023-2025

Affected Products

Openblue Enterprise Manager Data Collector