CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
Configurations

Configuration 1 (hide)

cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*

History

18 Jul 2024, 18:56

Type Values Removed Values Added
CPE cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2
First Time Johnsoncontrols
Johnsoncontrols software House C-cure 9000 Siteserver
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 - Third Party Advisory, US Government Resource
References () https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf - () https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf - Product

06 Jun 2024, 14:17

Type Values Removed Values Added
Summary
  • (es) En determinadas circunstancias, Microsoft® Internet Information Server (IIS) utilizado para alojar el servidor web C•CURE 9000 registrará los detalles de las credenciales de Microsoft Windows en los registros. No hay ningún impacto en las interfaces de servicios que no son web C•CURE 9000 o versiones anteriores

06 Jun 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 00:15

Updated : 2024-07-18 18:56


NVD link : CVE-2024-0912

Mitre link : CVE-2024-0912

CVE.ORG link : CVE-2024-0912


JSON object : View

Products Affected

johnsoncontrols

  • software_house_c-cure_9000_siteserver
CWE
CWE-532

Insertion of Sensitive Information into Log File