{"containers":{"cna":{"affected":[{"product":"Kantech EntraPass Corporate Edition","vendor":"Johnson Controls","versions":[{"status":"affected","version":"versions 8.0 and prior"}]},{"product":"Kantech EntraPass Global Edition","vendor":"Johnson Controls","versions":[{"status":"affected","version":"versions 8.0 and prior"}]}],"credits":[{"lang":"en","value":"Joachim Kerschbaumer"}],"descriptions":[{"lang":"en","value":"A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 - Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-03-10T19:32:39.000Z","orgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","shortName":"jci"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","tags":["third-party-advisory","x_refsource_CERT"],"url":"https://www.us-cert.gov/ics/advisories/icsa-20-070-04"}],"solutions":[{"lang":"en","value":"Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."}],"source":{"discovery":"EXTERNAL"},"title":"Kantech EntraPass Improper Input Validation","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"productsecurity@jci.com","ID":"CVE-2019-7589","STATE":"PUBLIC","TITLE":"Kantech EntraPass Improper Input Validation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Kantech EntraPass Corporate Edition","version":{"version_data":[{"version_value":"versions 8.0 and prior"}]}},{"product_name":"Kantech EntraPass Global Edition","version":{"version_data":[{"version_value":"versions 8.0 and prior"}]}}]},"vendor_name":"Johnson Controls"}]}},"credit":[{"lang":"eng","value":"Joachim Kerschbaumer"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 - Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","refsource":"CONFIRM","url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","refsource":"CERT","url":"https://www.us-cert.gov/ics/advisories/icsa-20-070-04"}]},"solution":[{"lang":"en","value":"Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T20:54:28.476Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"name":"ICS-CERT Advisory","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"https://www.us-cert.gov/ics/advisories/icsa-20-070-04"}]}]},"cveMetadata":{"assignerOrgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","assignerShortName":"jci","cveId":"CVE-2019-7589","datePublished":"2020-03-10T19:32:39.000Z","dateReserved":"2019-02-07T00:00:00.000Z","dateUpdated":"2024-08-04T20:54:28.476Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}