CVE-2023-29411
published 2023-04-18CVE-2023-29411: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | apc_easy_ups_online_monitoring_software | <= 2.5-ga-01-22320 | — |
| schneider-electric | easy_ups_online_monitoring_software | <= 2.5-gs-01-22320 | — |