2 matches found
CVE-2020-6650 Arbitrary code execution through “Update Manager” Class
UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates...
CVE-2020-6650
CVE-2020-6650 affects Eaton UPS companion software (v1.05 and earlier) with an Eval Injection in the Update Manager class. The software does not properly neutralize input before dynamic evaluation (e.g., eval), enabling arbitrary code execution on the host machine. Documented impact is arbitrary ...