CVE-2024-0912

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0912
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 Third Party Advisory US Government Resource
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf Product
Configurations

Configuration 1 (hide)

cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*
History

18 Jul 2024, 18:56

Type Values Removed Values Added
CPE cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.2
First Time Johnsoncontrols
Johnsoncontrols software House C-cure 9000 Siteserver
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03 - Third Party Advisory, US Government Resource
References () https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf - () https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf - Product

06 Jun 2024, 14:17

Type Values Removed Values Added
Summary
  • (es) En determinadas circunstancias, Microsoft® Internet Information Server (IIS) utilizado para alojar el servidor web C•CURE 9000 registrará los detalles de las credenciales de Microsoft Windows en los registros. No hay ningún impacto en las interfaces de servicios que no son web C•CURE 9000 o versiones anteriores

06 Jun 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-06 00:15

Updated : 2024-07-18 18:56

NVD link : CVE-2024-0912

Mitre link : CVE-2024-0912

CVE.ORG link : CVE-2024-0912

JSON object : View

Products Affected

johnsoncontrols

  • software_house_c-cure_9000_siteserver
CWE
CWE-532

Insertion of Sensitive Information into Log File