Eaton Power Management Software Vulnerability - US

2019-02-06T12:40:42
ID LENOVO:PS500214-NOSID
Type lenovo
Reporter Lenovo
Modified 2019-04-01T16:49:50

Description


Lenovo Security Advisory: LEN-25568

Potential Impact: Information disclosure

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE 2018-12031

Summary Description:

Eaton has notified Lenovo of a local file inclusion (LFI) vulnerability in Eaton software included in Lenovo UPS Power Manager and IBM UPS Power Manager that could allow an attacker to retrieve unauthorized files.

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade Lenovo UPS Power Manager and IBM UPS Power Manager as described in the Product Impact section below.