Categories
Knowledge Support Support exacqVision Enterprise Categories Products

An authenticated exacqVision Enterprise Manager user could access a web page that does not properly preserve the web page structure.

An authenticated exacqVision Enterprise Manager user could access a web page that does not properly preserve the web page structure.

Overview

An authenticated exacqVision Enterprise Manager user could access a web page that does not properly preserve the web page structure.

Impact

The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed as output used as a web page that is served to other users.

Affected Versions

All versions of exacqVision Enterprise Manager up to and including version 20.12.

Mitigation

Upgrade all previous versions of exacqVision Enterprise Manager to the latest version 21.03+.

Current users can obtain the critical software update from the Software Downloads location https://www.exacq.com/support/downloads.php?section=esm

Resources

Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories JCI-PSA-2021-08
CVE-2021-27658 – NIST National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27658 and MITRE CVE® https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27658