CVE-2021-36203

Summary

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

Affected Software

VendorProductVersion RangeStatus
Johnnson ControlsMetasys System Configuration Tool (SCT)All < 14.2.2affected
Johnnson ControlsMetasys System Configuration Tool Pro (SCT Pro)All < 14.2.2affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References