Under certain circumstances, invalid authentication...
High severity
Unreviewed
Published
Dec 7, 2023
to the GitHub Advisory Database
•
Updated Dec 13, 2023
Description
Published by the National Vulnerability Database
Dec 7, 2023
Published to the GitHub Advisory Database
Dec 7, 2023
Last updated
Dec 13, 2023
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
References