Rewterz Threat Advisory – Multiple IBM Vulnerabilities
March 21, 2022Rewterz Threat Alert – CaddyWipper Ransomware – Active IOCs
March 21, 2022Rewterz Threat Advisory – Multiple IBM Vulnerabilities
March 21, 2022Rewterz Threat Alert – CaddyWipper Ransomware – Active IOCs
March 21, 2022Severity
High
Analysis Summary
CVE-2021-36202
Johnson Controls Metasys ADS/ADX/OAS Servers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the MUI PDF export feature. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2021-36202
Affected Vendors
- Johnson Controls
Affected Products
- Johnson Controls Metasys ADS/ADX/OAS 10
- Johnson Controls Metasys ADS/ADX/OAS 11
Remediation
Refer to Johnson Controls for patch, upgrade or suggested workaround information.