{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T00:21:32.368","vulnerabilities":[{"cve":{"id":"CVE-2021-36201","sourceIdentifier":"productsecurity@jci.com","published":"2022-10-11T21:15:12.467","lastModified":"2024-11-21T06:13:18.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions."},{"lang":"es","value":"Bajo ciertas circunstancias, un usuario de CCURE Portal podría enumerar cuentas de usuario en CCURE 9000 versión 2.90 y versiones anteriores"}],"metrics":{"cvssMetricV31":[{"source":"productsecurity@jci.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"productsecurity@jci.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:johnsoncontrols:c-cure_9000_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.90","matchCriteriaId":"B04025F0-5B3B-41B0-A5E2-F1AE4CDD3E6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:johnsoncontrols:c-cure_9000:-:*:*:*:*:*:*:*","matchCriteriaId":"4291DD2F-EB08-4F19-98FB-C5CC8B4F3B7C"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-03","source":"productsecurity@jci.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","source":"productsecurity@jci.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}