PT-2020-19204 · Apc · Ups Companion

Published: 2020-03-23 · Updated: 2020-03-27 · CVE-2020-6650

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: UPS Companion software versions 1.05 and prior

Description: The issue arises from the software's failure to properly neutralize code syntax before using input in a dynamic evaluation call, such as eval, within the Update Manager class. This occurs when the software checks for available updates, leading to arbitrary code execution on the machine where the software is installed.

Recommendations: For UPS Companion software versions 1.05 and prior, as a temporary workaround, consider disabling the eval function in the Update Manager class until a patch is available. Restrict access to the Update Manager class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
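To illustrate the weakness class described above, the following is an added example (not UPS Companion's own code, which is not public here): an update-manifest check that builds the manifest with eval() beside a hardened version that parses the response as data and validates every field. The language (JavaScript), the manifest format, the field names and the update host are all assumptions.

```javascript
// Added illustration, not UPS Companion's own code: an update check that
// builds the manifest with eval() beside one that parses it strictly.
// The language (JavaScript), manifest format and host are assumptions.

const MANIFEST_SCHEMA = {
  version: /^\d+\.\d+(\.\d+)?$/,                            // e.g. "1.06"
  url: /^https:\/\/updates\.example\.invalid\/[\w.-]+$/,    // pinned host (assumed)
};

// Vulnerable pattern: the response body is treated as a JS expression.
// Anything that is valid JavaScript runs with the application's privileges.
function parseManifestWithEval(responseText) {
  return eval('(' + responseText + ')');
}

// Hardened pattern: parse as data only, then validate every field against
// an allow-list before anything downstream (download, install) sees it.
function parseManifestStrict(responseText) {
  let data;
  try {
    data = JSON.parse(responseText);
  } catch (e) {
    return { ok: false, reason: 'manifest is not valid JSON' };
  }
  if (typeof data !== 'object' || data === null || Array.isArray(data)) {
    return { ok: false, reason: 'manifest is not an object' };
  }
  for (const [field, pattern] of Object.entries(MANIFEST_SCHEMA)) {
    if (typeof data[field] !== 'string' || !pattern.test(data[field])) {
      return { ok: false, reason: `field "${field}" missing or malformed` };
    }
  }
  return { ok: true, version: data.version, url: data.url };
}

// Constructed sample responses. The second is valid JavaScript but not
// valid JSON: its "version" value is an expression with a side effect.
const BENIGN_RESPONSE =
  '{"version": "1.06", "url": "https://updates.example.invalid/ups-1.06.exe"}';
const TAINTED_RESPONSE =
  '{"version": (globalThis.sideEffect = true, "1.06"), "url": "https://updates.example.invalid/ups-1.06.exe"}';

function demo() {
  globalThis.sideEffect = false;
  parseManifestWithEval(TAINTED_RESPONSE);            // eval runs the expression
  const evalSideEffect = globalThis.sideEffect;
  globalThis.sideEffect = false;
  const strict = parseManifestStrict(TAINTED_RESPONSE); // rejected as non-JSON
  return { evalSideEffect, strictSideEffect: globalThis.sideEffect, strictOk: strict.ok };
}
```

Running demo() shows the eval path executing the embedded expression while the strict parser rejects the same response without evaluating anything; the same JSON.parse-plus-allow-list shape applies to any update or configuration feed the application consumes.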

Code Injection

Eval Injection


Weakness Enumeration

Related Identifiers

CVE-2020-6650

Affected Products

Ups Companion