CVE-2022-21941

Summary

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsiSTAR Ultraall versions prior to 6.8.9.CU01 < 6.8.9.CU01affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References