Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2015-07-27 | 5.0 MEDIUM | N/A |
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | |||||
CVE-2015-2848 | 1 Honeywell | 1 Tuxedo Touch | 2015-07-27 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. |