- Description
- An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-522
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:9px_ups_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA2884E8-EAF4-443C-9FE7-427E6196C881"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:9px_ups:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8A34E385-07BC-45D5-A763-490263DB5C7A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]