Eaton Intelligent Power Manager (IPM) before 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow malicious users to control the input to the function and execute attacker controlled commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eaton intelligent power manager |
||
eaton intelligent power manager virtual appliance |
||
eaton intelligent power protector |