VYPR

Kantech EntraPass Corporate Edition

by Johnson Controls

CVEs (2)

  • CVE-2019-7589CriMar 10, 2020
    risk 0.64cvss 9.8epss 0.02

    A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate…

  • CVE-2020-9046HigMay 26, 2020
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.