![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – Cisco Webex Meetings cross-site scripting
February 18, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody
February 19, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – Cisco Webex Meetings cross-site scripting
February 18, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody
February 19, 2021Severity
Medium
Analysis Summary
CVE-2020-9050
Metasys Reporting Engine (MRE) Web Services does not properly sanitize pathname elements that can resolve to a location that is outside of the restricted directory.
Impact
Unauthenticated access
Affected Vendors
Johnson Controls
Affected Products
Johnson Controls MRE – v2.0
MRE – v2.1
Remediation
Johnson Controls recommends users upgrade to MRE v2.2 or later.