Severity
High
Analysis Summary
CVE-2021-27663
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000 could allow a remote attacker to bypass security restrictions, caused by the failure to perform an adequate authorization check for functionality that requires a provable user identity. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
Impact
- Security Bypass
- Unauthorized Access
Affected Vendors
Johnson Controls
Affected Products
- Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000 10.1
- Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000 10.5
Remediation
Refer to Johnson Controls JCI-PSA-2021-15 for patch, upgrade or suggested workaround information.