CVE-2020-9050

Summary

Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsMetasys Reporting Engine (MRE) Web Services versions 2.0 and 2.12.0affected
Johnson ControlsMetasys Reporting Engine (MRE) Web Services versions 2.0 and 2.12.1affected

Weaknesses

  • CWE 22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References