CVE-2020-9050

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
19/02/2021
Last modified:
26/02/2021

Description

Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:johnsoncontrols:metasys_reporting_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_reporting_engine:2.1:*:*:*:*:*:*:*