What is the severity of CVE-2021-27658?

The severity of CVE-2021-27658 is medium with a CVSS score of 5.4.

How does CVE-2021-27658 affect exacqVision Enterprise Manager?

CVE-2021-27658 affects exacqVision Enterprise Manager version 20.12.

What is the CWE classification of CVE-2021-27658?

CVE-2021-27658 is classified as CWE-79, which is a Cross-Site Scripting vulnerability.

How can I fix CVE-2021-27658?

To fix CVE-2021-27658, it is recommended to update to a version of exacqVision Enterprise Manager that includes the necessary validation, filtering, and encoding of user input.

Where can I find more information about CVE-2021-27658?

More information about CVE-2021-27658 can be found at the following sources: [1] https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02 [2] https://us-cert.gov/ics/advisories [3] https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Vulnerability/
CVE-2021-27658

medium

5.4

CWE

24/6/2021

3/8/2024

CVE-2021-27658: exacqVision Enterprise Manager CSS

First published: Thu Jun 24 2021(Updated: )

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.

Credit: productsecurity@jci.com

Affected Software	Affected Version	How to fix
Johnsoncontrols Exacqvision Enterprise Manager	<=20.12
Exacq Technologies, Inc., a subsidiary of Johnson Controls Inc. exacqVision Enterprise Manager: Version 20.12 and prior

Remedy

Upgrade all previous versions of exacqVision Enterprise Manager to the latest version of 21.03. Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-180-02

Frequently Asked Questions

What is the severity of CVE-2021-27658?
The severity of CVE-2021-27658 is medium with a CVSS score of 5.4.
How does CVE-2021-27658 affect exacqVision Enterprise Manager?
CVE-2021-27658 affects exacqVision Enterprise Manager version 20.12.
What is the CWE classification of CVE-2021-27658?
CVE-2021-27658 is classified as CWE-79, which is a Cross-Site Scripting vulnerability.
How can I fix CVE-2021-27658?
To fix CVE-2021-27658, it is recommended to update to a version of exacqVision Enterprise Manager that includes the necessary validation, filtering, and encoding of user input.
Where can I find more information about CVE-2021-27658?
More information about CVE-2021-27658 can be found at the following sources: [1] https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02 [2] https://us-cert.gov/ics/advisories [3] https://www.johnsoncontrols.com/cyber-solutions/security-advisories

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/weakness
agent/author
agent/remedy
agent/description
agent/first-publish-date
agent/references
agent/severity
agent/softwarecombine
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/johnsoncontrols
canonical/johnsoncontrols exacqvision enterprise manager
version/johnsoncontrols exacqvision enterprise manager/20.12
vendor/exacq technologies, inc., a subsidiary of johnson controls inc.
canonical/exacq technologies, inc., a subsidiary of johnson controls inc. exacqvision enterprise manager: version 20.12 and prior

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.