CVE-2023-29411

Name of the Vulnerable Software and Affected Versions APC Easy UPS Online Monitoring Software versions (affected versions not specified) Java RMI interface versions (affected versions not specified)

Description The issue is related to a lack of authentication for a critical function, which could allow an attacker to change administrative credentials, potentially leading to remote code execution without prior authentication on the Java RMI interface.

Recommendations For APC Easy UPS Online Monitoring Software, update the software to a version that includes authentication for critical functions. For Java RMI interface, restrict access to the interface until a patch is available that includes proper authentication for critical functions. As a temporary workaround, consider disabling the updateManagerPassword function until a patch is available.