
Overview

An authenticated exacqVision Web Service user could access a web page that does not properly preserve the web page structure.

Impact

The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed as output that is used as a web page that is served to other users.

Affected Versions

All versions of exacqVision Web Service up to and including 21.03.

Mitigation

Upgrade all previous versions of exacqVision Web Service to version 21.06 or later.

Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php.

Resources

Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CVE-2021-27659 – NIST National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27659 and MITRE CVE® https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27659