Rewterz Threat Advisory – Cisco Webex Meetings cross-site scripting
February 18, 2021
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody
February 19, 2021
Severity
Medium
Analysis Summary
CVE-2020-9050
Metasys Reporting Engine (MRE) Web Services does not properly sanitize pathname elements that can resolve to a location that is outside of the restricted directory.
Impact
Unauthenticated access
Affected Vendors
Johnson Controls
Affected Products
Johnson Controls MRE – v2.0
MRE – v2.1
Remediation
Johnson Controls recommends users upgrade to MRE v2.2 or later.