HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-23277

CVSS 8.3v3.1pub. 2021-04-13upd. 2024-11-21

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Eaton Intelligent Power Manager

    APP
    Eaton
    < 1.69
  • Eaton Intelligent Power Manager Virtual Appliance

    APP
    Eaton
    < 1.69
  • Eaton Intelligent Power Protector

    APP
    Eaton
    < 1.68
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-23281CRITICAL10.0ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vul...

CVE-2018-12031CRITICAL9.8ten sam produkt

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/n...

CVE-2026-22619HIGH7.8ten sam produkt

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could...

CVE-2021-23279HIGH8.0ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vul...

CVE-2021-23278HIGH8.7ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulne...