CVE-2024-0912

June 6, 2024, 2:17 p.m.

None
No Score

Description

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

Product(s) Impacted

Product Versions
Microsoft Internet Information Server (IIS)
  • UNKNOWN
C•CURE 9000 Web Server
  • prior versions
Microsoft Internet Information Server (IIS)
  • unknown

Weaknesses

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf

Tags

CWE-532
2024-06-06
CVE-2024-0912
productsecurity@jci.com

Date

  • Published: June 6, 2024, 12:15 a.m.
  • Last Modified: June 6, 2024, 2:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productsecurity@jci.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.