Rewterz Threat Alert – CADDYWIPER Used in Attacks Against Ukraine – Active IOCs – Russian-Ukrainian Cyber Warfare
April 14, 2022Rewterz Threat Advisory – Multiple Citrix Vulnerabilities
April 15, 2022Rewterz Threat Alert – CADDYWIPER Used in Attacks Against Ukraine – Active IOCs – Russian-Ukrainian Cyber Warfare
April 14, 2022Rewterz Threat Advisory – Multiple Citrix Vulnerabilities
April 15, 2022Severity
High
Analysis Summary
CVE-2021-36205
Johnson Controls Metasys could allow a remote authenticated attacker to obtain sensitive information, caused by an issue with session token is not cleared on logout. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain session token information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2021-36205
Affected Vendors
- Johnson Controls
Affected Products
- Johnson Controls Metasys 10
- Johnson Controls Metasys 11
Remediation
Refer to Johnson Controls for patch, upgrade or suggested workaround information.