PT-2022-5907 · Schneider Electric · Apc Easy Ups Online Monitoring+1
Published: 2022-12-13 · Updated: 2023-05-17 · CVE-2022-42971
CVSS v2.0: 10 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
APC Easy UPS Online Monitoring Software versions prior to V2.5-GA
APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261
Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS
Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS-01-22261
Description
A vulnerability exists that could cause remote code execution when an attacker uploads a malicious JSP file. The issue is an instance of unrestricted upload of files with dangerous types: because the upload handler does not restrict the file type, a remote attacker who can upload an arbitrary JSP file may have it executed by the server and thereby run arbitrary code.
Recommendations
For APC Easy UPS Online Monitoring Software versions prior to V2.5-GA, update to version V2.5-GA or later.
For APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261, update to version V2.5-GA-01-22261 or later.
For Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS, update to version V2.5-GS or later.
For Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS-01-22261, update to version V2.5-GS-01-22261 or later.
As a temporary workaround, consider restricting the upload of JSP files to minimize the risk of exploitation.
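As an added illustration of the workaround above (example code written for this page, not Schneider Electric's or APC's own), a server-side upload gate that rejects JSP-type files by extension anywhere in the name, by allowlist, and by content. The extension sets and allowlist are assumptions to be tuned to the container's servlet mappings and the application's real needs.

```python
# Extensions a servlet container typically hands to the JSP engine.
# ASSUMPTION: adjust to whatever your container's web.xml actually maps.
JSP_EXTENSIONS = {"jsp", "jspx", "jspf"}
# ASSUMPTION: allowlist of file types the application legitimately accepts.
ALLOWED_EXTENSIONS = {"csv", "txt", "log", "png"}
# Byte sequences that mark JSP source regardless of the file's name.
JSP_CONTENT_MARKERS = (b"<%", b"<jsp:", b"xmlns:jsp=")


def extensions_of(filename: str) -> list[str]:
    """All extensions of the basename, lower-cased: 'shell.jsp.png' -> ['jsp', 'png'].

    Path separators, NUL bytes and trailing dots/spaces are normalised first,
    because different layers of a web stack truncate or strip them differently.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.split("\x00", 1)[0].rstrip(". ")
    return [part.lower() for part in name.split(".")[1:]]


def is_upload_allowed(filename: str, content: bytes) -> tuple[bool, str]:
    """Server-side gate for one upload; returns (allowed, reason).

    Rejects a JSP extension anywhere in the name (not only the last one),
    any final extension outside the allowlist, and any body that looks like JSP.
    """
    exts = extensions_of(filename)
    if not exts:
        return False, "missing extension"
    if any(ext in JSP_EXTENSIONS for ext in exts):
        return False, "executable (JSP) extension present"
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension .{exts[-1]} not in allowlist"
    if any(marker in content for marker in JSP_CONTENT_MARKERS):
        return False, "body contains JSP markup"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads for the demo, not captured from the product.
    samples = [
        ("report.csv", b"ups,load\nUPS1,42\n"),
        ("shell.JSP", b"<% out.println(1); %>"),
        ("shell.jsp.png", b"\x89PNG\r\n"),
        ("shell.jsp\x00.png", b"\x89PNG\r\n"),
        ("notes.txt", b"<jsp:scriptlet>x</jsp:scriptlet>"),
    ]
    for name, body in samples:
        print(f"{name!r:22} -> {is_upload_allowed(name, body)}")
```

The content check can false-positive on binary formats that happen to contain `<%`, so keep the allowlist narrow or apply that check only to text types; it is a stopgap until the fixed versions above are installed, not a replacement for them.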
Weakness Enumeration
Unrestricted File Upload
Affected Products
APC Easy UPS Online Monitoring
Schneider Electric Easy UPS Online Monitoring