VYPR

Software House C•CURE 9000

by Johnson Controls

CVEs (4)

  • CVE-2024-32861HigJul 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions.

  • CVE-2024-0912Jun 5, 2024
    risk 0.00cvss epss 0.00

    Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

  • CVE-2020-9049Nov 19, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for…

  • CVE-2020-9045May 21, 2020
    risk 0.00cvss epss 0.01

    During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.