The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.
References
Configurations
History
09 Apr 2022, 00:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.3
v3 : 4.8 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:* |
01 Apr 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-01 23:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-23288
Mitre link : CVE-2021-23288
CVE.ORG link : CVE-2021-23288
JSON object : View
Products Affected
eaton
- intelligent_power_protector
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')