{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T20:50:33.387","vulnerabilities":[{"cve":{"id":"CVE-2024-0912","sourceIdentifier":"productsecurity@jci.com","published":"2024-06-06T00:15:09.117","lastModified":"2024-11-21T08:47:42.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions"},{"lang":"es","value":"En determinadas circunstancias, Microsoft® Internet Information Server (IIS) utilizado para alojar el servidor web C•CURE 9000 registrará los detalles de las credenciales de Microsoft Windows en los registros. No hay ningún impacto en las interfaces de servicios que no son web C•CURE 9000 o versiones anteriores"}],"metrics":{"cvssMetricV40":[{"source":"productsecurity@jci.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":3.6}]},"weaknesses":[{"source":"productsecurity@jci.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*","matchCriteriaId":"62D6108E-959F-4F1B-8E6C-6BE05071C1EE"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03","source":"productsecurity@jci.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf","source":"productsecurity@jci.com","tags":["Product"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}