CVE-2020-9045— C•CURE 9000 and victor Video Management System - Cleartext storage of user credentials upon installation or upgrade of software.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-9045
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
C•CURE 9000 and victor Video Management System - Cleartext storage of user credentials upon installation or upgrade of software.
Source: NVD (National Vulnerability Database)
Vulnerability Description
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
Johnson Controls Software House C?CURE 9000和American Dynamics victor Video Management System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Johnson Controls Software House C?CURE 9000和American Dynamics victor Video Management System都是美国江森自控(Johnson Controls)公司的产品。Software House C?CURE 9000是一套可扩展的多站点访问控制和警报监控系统。American Dynamics victor Video Management System是一套监控视频管理系统。 Johnson Controls Softw
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Johnson Controls | Software House C•CURE 9000 v2.70 | 2.70 | - | |
| Johnson Controls | American Dynamics victor Video Management System v5.2 | 5.2 | - |
II. Public POCs for CVE-2020-9045
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-9045
请登录查看更多情报信息。
- Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS | CISAthird-party-advisoryx_refsource_CERT
- https://nvd.nist.gov/vuln/detail/CVE-2020-9045
IV. Related Vulnerabilities
Same vendor: Johnson Controls
- CVE-2026-21660
Johnson Controls-Frick Quantum HD-Hardcoded Email Credential - CVE-2026-21659
Johnson Controls -Frick Quantum HD-Unauthenticated Remote Co - CVE-2026-21658
Johnson Controls -Frick Quantum HD- Unauthenticated Remote C - CVE-2026-21657
Johnson Controls -Frick Quantum HD- Unauthenticated Remote C - CVE-2026-21656
Johnson Controls -Frick Quantum HD- Unauthenticated Remote C
Same weakness: CWE-312
- CVE-2026-7163
Assisted-service: assisted-service: authenticated users can - CVE-2026-41385
OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config - CVE-2026-6553
TYPO3 CMS Stores Cleartext Password in User Settings Module - CVE-2026-35644
OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Field - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul
V. Comments for CVE-2020-9045
No comments yet