← Back

CVE-2021-36203

nvd nist
Published: Apr 22, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

Affected (2)

Johnsoncontrols
1 product
Metasys System Configuration Tool
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Johnsoncontrols
Metasys System Configuration Tool
Before 14.2.2
Metasys System Configuration Tool
Before 14.2.2

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

Source: productsecurity@jci.com
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.