CVE-2021-36201 | HackTesting

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

Kim Syversen and Mathias Kjølleberg Førland reported this vulnerability to Johnson Controls