What is the vulnerability ID of this security issue?

The vulnerability ID is CVE-2021-27659.

What is the severity level of CVE-2021-27659?

The severity level of CVE-2021-27659 is medium with a CVSS score of 6.1.

What software is affected by CVE-2021-27659?

exacqVision Web Service version 21.03 is affected by CVE-2021-27659.

How can I fix CVE-2021-27659?

To fix CVE-2021-27659, it is recommended to update exacqVision Web Service to a version that sufficiently validates, filters, escapes, and encodes user-controllable input.

Where can I find more information about CVE-2021-27659?

More information about CVE-2021-27659 can be found in the following references: [Link 1](https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01), [Link 2](https://us-cert.gov/ics/advisories), [Link 3](https://www.johnsoncontrols.com/cyber-solutions/security-advisories).

Vulnerability/
CVE-2021-27659

medium

6.1

CWE

24/6/2021

3/8/2024

CVE-2021-27659: exacqVision Web Service CSS

First published: Thu Jun 24 2021(Updated: )

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.

Credit: productsecurity@jci.com

Affected Software	Affected Version	How to fix
Johnsoncontrols Exacqvision Web Service	<=21.03
Exacq Technologies, Inc., a subsidiary of Johnson Controls Inc. exacqVision Web Service: Version 21.03 and prior

Remedy

Upgrade all previous versions of exacqVision Web Service to the latest version of 21.06. Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-180-01

Frequently Asked Questions

What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2021-27659.
What is the severity level of CVE-2021-27659?
The severity level of CVE-2021-27659 is medium with a CVSS score of 6.1.
What software is affected by CVE-2021-27659?
exacqVision Web Service version 21.03 is affected by CVE-2021-27659.
How can I fix CVE-2021-27659?
To fix CVE-2021-27659, it is recommended to update exacqVision Web Service to a version that sufficiently validates, filters, escapes, and encodes user-controllable input.
Where can I find more information about CVE-2021-27659?
More information about CVE-2021-27659 can be found in the following references: [Link 1](https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01), [Link 2](https://us-cert.gov/ics/advisories), [Link 3](https://www.johnsoncontrols.com/cyber-solutions/security-advisories).

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/weakness
agent/author
agent/remedy
agent/description
agent/first-publish-date
agent/references
agent/severity
agent/softwarecombine
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/johnsoncontrols
canonical/johnsoncontrols exacqvision web service
version/johnsoncontrols exacqvision web service/21.03
vendor/exacq technologies, inc., a subsidiary of johnson controls inc.
canonical/exacq technologies, inc., a subsidiary of johnson controls inc. exacqvision web service: version 21.03 and prior

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.