An authenticated exacqVision Web Service user could access a web page that does not properly preserve the web page structure.

Overview

An authenticated exacqVision Web Service user could access a web page that does not properly preserve the web page structure.

Impact

The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed as output that is used as a web page that is served to other users.

Affected Versions

All versions of exacqVision Web Service up to and including 21.03.

Mitigation

Upgrade all previous versions of exacqVision Web Service to the latest version, 21.06 or later.

Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php.

Resources

Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CVE-2021-27659 – NIST National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27659 and MITRE CVE® https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27659

An authenticated exacqVision Enterprise Manager user could access a web page that does not properly preserve the web page structure.

Overview

An authenticated exacqVision Enterprise Manager user could access a web page that does not properly preserve the web page structure.

Impact

The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed as output used as a web page that is served to other users.

Affected Versions

All versions of exacqVision Enterprise Manager up to and including version 20.12.

Mitigation

Upgrade all previous versions of exacqVision Enterprise Manager to the latest version, 21.03 or later.

Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php?section=esm.

Resources

Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories (JCI-PSA-2021-08)
CVE-2021-27658 – NIST National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27658 and MITRE CVE® https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27658