Lucene search

Kaspersky LabKLA10049

HistoryDec 07, 2011 - 12:00 a.m.

KLA10049 CI vulnerability in APC PowerChute

2011-12-0700:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

A cross-site scripting vulnerability was found in PowerChute. By exploiting this vulnerability malicious users can inject arbitrary web script. This vulnerability can be exploited from the network at a point related to unknown vectors.

Original advisories

vulnerability description

Related products

APC-PowerChute-Business-Edition

CVE list

CVE-2011-4263 warning

Solution

Update to latest version

Impacts

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Affected Products

Schneider Electric APC PowerChute Buisness Edidtion versions 8.5 and earlier

References

www.cvedetails.com/cve/CVE-2011-4263/

statistics.securelist.com/

threats.kaspersky.com/en/product/APC-PowerChute-Business-Edition/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

Related for KLA10049