CVE-2021-36202: Metasys UI
First published: Thu Apr 07 2022(Updated: )
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.
Credit: productsecurity@jci.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Johnsoncontrols Metasys Application And Data Server | >=10.0<10.1.5 | |
| Johnsoncontrols Metasys Application And Data Server | >=11.0<11.0.2 | |
| Johnsoncontrols Metasys Extended Application And Data Server | >=10.0<10.1.5 | |
| Johnsoncontrols Metasys Extended Application And Data Server | >=11.0<11.0.2 | |
| Johnsoncontrols Metasys Open Application Server | >=10.0<10.1.5 | |
| Johnsoncontrols Metasys Open Application Server | >=11.0<11.0.2 | |
| Johnson Controls Inc. Metasys ADS/ADX/OAS Versions 10 and 11 |
Remedy
Update all Metasys ADS/ADX/OAS 10 versions with patch 10.1.5.
Remedy
Update all Metasys ADS/ADX/OAS 11 versions with patch 11.0.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SSRF vulnerability?
The vulnerability ID for this SSRF vulnerability is CVE-2021-36202.
What is the severity rating of CVE-2021-36202?
The severity rating of CVE-2021-36202 is high (8.8).
How does the SSRF vulnerability in Johnson Controls Metasys work?
The SSRF vulnerability in Johnson Controls Metasys allows an authenticated attacker to inject malicious code into the MUI PDF export feature.
Which versions of Johnson Controls Metasys are affected by this vulnerability?
This vulnerability affects all 10 versions prior to 10.1.5 and all 11 versions prior to 11.0.2 of Johnson Controls Metasys.
How can I fix the SSRF vulnerability in Johnson Controls Metasys?
To fix the SSRF vulnerability, update Johnson Controls Metasys to version 10.1.5 or 11.0.2 or later.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/event
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/johnsoncontrols
- canonical/johnsoncontrols metasys application and data server
- version/johnsoncontrols metasys application and data server/10.0
- version/johnsoncontrols metasys application and data server/11.0
- canonical/johnsoncontrols metasys extended application and data server
- version/johnsoncontrols metasys extended application and data server/10.0
- version/johnsoncontrols metasys extended application and data server/11.0
- canonical/johnsoncontrols metasys open application server
- version/johnsoncontrols metasys open application server/10.0
- version/johnsoncontrols metasys open application server/11.0
- vendor/johnson controls inc.
- canonical/johnson controls inc. metasys ads/adx/oas versions 10 and 11