ByteOS Network

Vulnerability Details :

CVE-2020-9044

Assigner-jci

Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01

Published At-10 Mar, 2020 | 19:28

Updated At-04 Aug, 2024 | 10:19

Metasys Improper Restriction of XML External Entity Reference

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:jci

Assigner Org ID:7281d04a-a537-43df-bfb4-fa4110af9d01

Published At:10 Mar, 2020 | 19:28

Updated At:04 Aug, 2024 | 10:19

▼CVE Numbering Authority (CNA)

Metasys Improper Restriction of XML External Entity Reference

version 8.1

Problem Types

Type	CWE ID	Description
CWE	CWE-611	CWE-611 - Information Leak Through XML External Entity File Disclosure

Type: CWE

CWE ID: CWE-611

Description: CWE-611 - Information Leak Through XML External Entity File Disclosure

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Solutions

Johnson Controls has developed a patch to address this issue. Customers should contact their local branch office for remediation.

Credits

Lukasz Rupala

References

Hyperlink	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	x_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-20-070-05	third-party-advisory x_refsource_CERT

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-070-05

Resource:

third-party-advisory

x_refsource_CERT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	x_refsource_CONFIRM x_transferred
https://www.us-cert.gov/ics/advisories/icsa-20-070-05	third-party-advisory x_refsource_CERT x_transferred

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-070-05

Resource:

third-party-advisory

x_refsource_CERT

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:productsecurity@jci.com

Published At:10 Mar, 2020 | 20:15

Updated At:11 Mar, 2020 | 21:28

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P

Type: Primary

Version: 3.1

Base score: 9.1

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:P

CPE Matches

johnsoncontrols>>metasys_application_and_data_server>>Versions up to 10.1(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*

johnsoncontrols>>metasys_application_and_data_server>>Versions up to 10.1(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:lite:*:*:*

johnsoncontrols>>metasys_extended_application_and_data_server>>Versions up to 10.1(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*

johnsoncontrols>>metasys_lonworks_control_server>>Versions up to 10.1(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_lonworks_control_server:*:*:*:*:*:*:*:*

johnsoncontrols>>metasys_open_application_server>>10.1

cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.1:*:*:*:*:*:*:*

johnsoncontrols>>metasys_open_data_server>>Versions up to 10.1(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_open_data_server:*:*:*:*:*:*:*:*

johnsoncontrols>>metasys_system_configuration_tool>>Versions up to 13.2(inclusive)

cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>9.0.1

cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.1:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>9.0.2

cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.2:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>9.0.3

cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.3:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>9.0.5

cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.5:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>9.0.6

cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.6:*:*:*:*:*:*:*

johnsoncontrols>>nae55>>-

cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

johnsoncontrols>>nie55_firmware>>9.0.1

cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.1:*:*:*:*:*:*:*

johnsoncontrols>>nie55_firmware>>9.0.2

cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.2:*:*:*:*:*:*:*

johnsoncontrols>>nie55_firmware>>9.0.3

cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.3:*:*:*:*:*:*:*

johnsoncontrols>>nie55_firmware>>9.0.5

cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.5:*:*:*:*:*:*:*

johnsoncontrols>>nie55_firmware>>9.0.6

cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.6:*:*:*:*:*:*:*

johnsoncontrols>>nie55>>-

cpe:2.3:h:johnsoncontrols:nie55:-:*:*:*:*:*:*:*

johnsoncontrols>>nie59_firmware>>9.0.1

cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.1:*:*:*:*:*:*:*

johnsoncontrols>>nie59_firmware>>9.0.2

cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.2:*:*:*:*:*:*:*

johnsoncontrols>>nie59_firmware>>9.0.3

cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.3:*:*:*:*:*:*:*

johnsoncontrols>>nie59_firmware>>9.0.5

cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.5:*:*:*:*:*:*:*

johnsoncontrols>>nie59_firmware>>9.0.6

cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.6:*:*:*:*:*:*:*

johnsoncontrols>>nie59>>-

cpe:2.3:h:johnsoncontrols:nie59:-:*:*:*:*:*:*:*

johnsoncontrols>>nae85_firmware>>Versions up to 10.1(inclusive)

cpe:2.3:o:johnsoncontrols:nae85_firmware:*:*:*:*:*:*:*:*

johnsoncontrols>>nae85>>-

cpe:2.3:h:johnsoncontrols:nae85:-:*:*:*:*:*:*:*

johnsoncontrols>>nie85_firmware>>Versions up to 10.1(inclusive)

cpe:2.3:o:johnsoncontrols:nie85_firmware:*:*:*:*:*:*:*:*

johnsoncontrols>>nie85>>-

cpe:2.3:h:johnsoncontrols:nie85:-:*:*:*:*:*:*:*

johnsoncontrols>>nae55_firmware>>8.1

cpe:2.3:o:johnsoncontrols:nae55_firmware:8.1:*:*:*:*:*:*:*

johnsoncontrols>>nae55>>-

cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

johnsoncontrols>>ul_864_uukl_firmware>>8.1

cpe:2.3:o:johnsoncontrols:ul_864_uukl_firmware:8.1:*:*:*:*:*:*:*

johnsoncontrols>>ul_864_uukl>>-

cpe:2.3:h:johnsoncontrols:ul_864_uukl:-:*:*:*:*:*:*:*

johnsoncontrols>>ord-c100-13_uuklc_firmware>>8.1

cpe:2.3:o:johnsoncontrols:ord-c100-13_uuklc_firmware:8.1:*:*:*:*:*:*:*

johnsoncontrols>>ord-c100-13_uuklc>>-

cpe:2.3:h:johnsoncontrols:ord-c100-13_uuklc:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-611	Primary	nvd@nist.gov
CWE-611	Secondary	productsecurity@jci.com

CWE ID: CWE-611

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-611

Type: Secondary

Source: productsecurity@jci.com

References

Hyperlink	Source	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	productsecurity@jci.com	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-070-05	productsecurity@jci.com	Third Party Advisory US Government Resource

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: productsecurity@jci.com

Resource:

Vendor Advisory

Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-070-05

Source: productsecurity@jci.com

Resource:

Third Party Advisory

US Government Resource

Similar CVEs

106Records found

CVE-2021-20399

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-7.1||HIGH

EPSS-0.55% / 66.77%

7 Day CHG~0.00%

Published-27 Jul, 2021 | 11:25

Updated-17 Sep, 2024 | 03:34

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.

Vendor-IBM Corporation Linux Kernel Organization, Inc

Product-qradar_security_information_and_event_manager linux_kernel QRadar SIEM

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2021-20353

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-8.2||HIGH

EPSS-1.48% / 80.23%

7 Day CHG~0.00%

Published-10 Feb, 2021 | 17:00

Updated-16 Sep, 2024 | 16:13

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

Vendor-IBM Corporation

Product-websphere_application_server WebSphere Application Server

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2020-6958

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-9.1||CRITICAL

EPSS-0.51% / 65.34%

7 Day CHG~0.00%

Published-13 Jan, 2020 | 23:07

Updated-04 Aug, 2024 | 09:18

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

Vendor-yet_another_java_service_wrapper_project n/a

Product-yet_another_java_service_wrapper n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2020-6238

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-9.3||CRITICAL

EPSS-0.41% / 60.38%

7 Day CHG~0.00%

Published-14 Apr, 2020 | 18:39

Updated-04 Aug, 2024 | 08:55

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

Vendor-SAP SE

Product-commerce_cloud SAP Commerce

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2020-4876

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-7.1||HIGH

EPSS-0.37% / 58.02%

7 Day CHG~0.00%

Published-21 Jan, 2022 | 17:20

Updated-17 Sep, 2024 | 01:16

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

Vendor-Microsoft Corporation IBM Corporation

Product-windows cognos_controller Cognos Controller

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2020-4300

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-8.2||HIGH

EPSS-0.18% / 40.54%

7 Day CHG~0.00%

Published-31 May, 2021 | 15:10

Updated-17 Sep, 2024 | 00:20

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.

Vendor-IBM Corporation NetApp, Inc.

Product-cognos_analytics oncommand_insight Cognos Analytics

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2020-9044

Credits

Metasys Improper Restriction of XML External Entity Reference

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs