CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.
Configurations

Configuration 1 (hide)

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

History

09 Apr 2022, 00:40

Type Values Removed Values Added
References (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf - (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 2.3
v3 : 4.8
CWE CWE-79
CPE cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

01 Apr 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-01 23:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-23288

Mitre link : CVE-2021-23288

CVE.ORG link : CVE-2021-23288


JSON object : View

Products Affected

eaton

  • intelligent_power_protector
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')