CVE-2020-6650 · CVEKit

cve.orgen

391 chars

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.

NVDen

391 chars

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.

NVDes

480 chars

UPS companion software versiones v1.05 y anteriores, está afectado por una vulnerabilidad de "Eval Injection". El software no neutraliza o neutraliza incorrectamente una sintaxis del código antes de usar la entrada en una llamada de evaluación dinámica, por ejemplo, "eval" en una clase "Update Manager" cuando el software intenta visualizar si existen actualizaciones disponibles. Esto resulta en una ejecución de código arbitrario en la máquina donde el software está instalado.

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H