CVE-2021-36201 Information

Description

Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000 version 2.90 and prior versions. This issue affects: C•CURE 9000 2.90 and earlier version 2.90 and prior versions.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-03 https://www.johnsoncontrols.com/cyber-solutions/security-advisories