Johnsoncontrols Metasys System Configuration Tool — known CVE vulnerabilities
Every CVE whose affected-product data names Johnsoncontrols Metasys System Configuration Tool, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-9044 — CVSS 7.5 (high): XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of…
CVE-2022-21939 — CVSS 7.5 (high): Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and…
CVE-2022-21940 — CVSS 7.5 (high): Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14…
CVE-2021-36203 — CVSS 5.3 (medium): The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.