3 matches found
CVE-2022-42971
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...
CVE-2022-42971
The CVE-2022-42971 issue is a real, concrete vulnerability in Schneider Electric APC Easy UPS Online Monitoring Software (and related Schneider Electric variants) where UpLoadAction.execute allows Unrestricted Upload of File with Dangerous Type. An unauthenticated attacker can upload a malicious ...
Schneider Electric APC Easy UPS Online
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...