Skip to main content

Metasys Extended Application And Data Server

6 CVEs product

Monthly

CVE-2022-21936 MEDIUM This Month

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metasys Extended Application And Data Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-21938 MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21937 MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21935 HIGH This Week

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-21934 HIGH This Week

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-9044 CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Lonworks Control Server Metasys Open Application Server +9
NVD
CVSS 3.1
9.1
EPSS
1.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metasys Extended Application And Data Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metasys Application And Data Server Metasys Extended Application And Data Server +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metasys Application And Data Server Metasys Extended Application And Data Server +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy