Описание
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.67 (включая)
cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.0107
Низкий
8.8 High
CVSS3
7.3 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
EPSS
Процентиль: 77%
0.0107
Низкий
8.8 High
CVSS3
7.3 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
CWE-20