{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T18:15:49.499","vulnerabilities":[{"cve":{"id":"CVE-2021-36200","sourceIdentifier":"productsecurity@jci.com","published":"2022-07-22T15:15:07.910","lastModified":"2024-11-21T06:13:18.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS\/ADX\/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users."},{"lang":"es","value":"Bajo determinadas circunstancias, un usuario no autenticado podrĂ­a acceder a la API web para las versiones de Metasys ADS\/ADX\/OAS versiones 10 anteriores a 10.1.6 y 11 anteriores a 11.0.2 y enumerar usuarios"}],"metrics":{"cvssMetricV31":[{"source":"productsecurity@jci.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"productsecurity@jci.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.1.6","matchCriteriaId":"DD7580CF-9B2D-441F-9F87-2D3AA0972F65"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.0.2","matchCriteriaId":"EA242516-72AD-4835-BE94-662CECD1DF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.1.6","matchCriteriaId":"2C3A978D-692C-4023-8A2E-B1F28B57763B"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.0.2","matchCriteriaId":"B02A5890-8965-4CB6-B009-9C741D4D97F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_open_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.1.6","matchCriteriaId":"BA185C2A-D5DE-4346-A409-0C457D72848D"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:metasys_open_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.0.2","matchCriteriaId":"16B43D40-5D24-4011-B5E3-676EF38C2751"}]}]}],"references":[{"url":"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-202-02","source":"productsecurity@jci.com","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https:\/\/www.johnsoncontrols.com\/cyber-solutions\/security-advisories","source":"productsecurity@jci.com","tags":["Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-202-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https:\/\/www.johnsoncontrols.com\/cyber-solutions\/security-advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}