A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2023-01-31 20:15
Updated : 2023-02-08 11:43
NVD link : CVE-2022-42971
Mitre link : CVE-2022-42971
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
microsoft
- windows_7
- windows_server_2016
- windows_server_2019
- windows_server_2022
- windows_10
- windows_11
schneider-electric
- easy_ups_online_monitoring_software
- apc_easy_ups_online_monitoring_software