CVE-2024-0912

June 6, 2024, 2:17 p.m.

Tags

CWE-532
2024-06-06
CVE-2024-0912
productsecurity@jci.com

Product(s) Impacted

Microsoft Internet Information Server (IIS)

  • UNKNOWN

C•CURE 9000 Web Server

  • prior versions

Microsoft Internet Information Server (IIS)

  • unknown

Description

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

Weaknesses

Date

Published: June 6, 2024, 12:15 a.m.

Last Modified: June 6, 2024, 2:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productsecurity@jci.com

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03
productsecurity@jci.com
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf
productsecurity@jci.com