Lenovo Security Advisory: LEN-25568
Potential Impact: Information disclosure
Scope of Impact: Industry-wide
CVE Identifier: CVE 2018-12031
Eaton has notified Lenovo of a local file inclusion (LFI) vulnerability in Eaton software included in Lenovo UPS Power Manager and IBM UPS Power Manager that could allow an attacker to retrieve unauthorized files.
Mitigation Strategy for Customers (what you should do to protect yourself):
Upgrade Lenovo UPS Power Manager and IBM UPS Power Manager as described in the Product Impact section below.