Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-7589
PUBLISHED
More InfoOfficial Page
Assigner-jci
Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01
View Known Exploited Vulnerability (KEV) details
Published At-10 Mar, 2020 | 19:32
Updated At-04 Aug, 2024 | 20:54
Rejected At-
▼CVE Numbering Authority (CNA)
Kantech EntraPass Improper Input Validation

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.

Affected Products
Vendor
Johnson Controls
Product
Kantech EntraPass Corporate Edition
Versions
Affected
  • versions 8.0 and prior
Vendor
Johnson Controls
Product
Kantech EntraPass Global Edition
Versions
Affected
  • versions 8.0 and prior
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 - Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10.

Configurations
Workarounds
Exploits
Credits
Joachim Kerschbaumer
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-20-070-04
third-party-advisory
x_refsource_CERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
x_transferred
https://www.us-cert.gov/ics/advisories/icsa-20-070-04
third-party-advisory
x_refsource_CERT
x_transferred
Details not found