CVE-2018-10624

CVE-2018-10624: Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information

Vendor Johnson Controls
Product Metasys System
Weakness CWE-209 · Error message info leak
Published August 1, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

Key dates

02Disclosure timeline

August 1, 2018 CVE published
September 17, 2024 Record updated