CVE-2024-0912

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "tags": ["Product"], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Under certain circumstances the Microsoft\u00ae Internet Information Server (IIS) used to host the C\u2022CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C\u2022CURE 9000 or prior versions"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-532"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-0912", "ASSIGNER": "productsecurity@jci.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}}, "publishedDate": "2024-06-06T00:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-07-18T18:56Z"}