Johnsoncontrols Exacqvision Web Service — known CVE vulnerabilities
Every CVE whose affected-product data names Johnsoncontrols Exacqvision Web Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-27664 — CVSS 9.8 (critical): Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
CVE-2020-9047 — CVSS 6.8 (medium): A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web…
CVE-2024-32862 — CVSS 6.8 (medium): Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
CVE-2024-32863 — CVSS 6.8 (medium): Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
CVE-2024-32864 — CVSS 6.4 (medium): Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
CVE-2024-32931 — CVSS 5.7 (medium): Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
CVE-2021-27659 — CVSS 5.3 (medium): exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in…
CVE-2021-27656 — CVSS 5.3 (medium): A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information…