{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-23282", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2021-01-08T22:01:48.663Z", "datePublished": "2024-11-25T08:36:19.141Z", "dateUpdated": "2024-11-25T13:57:58.441Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Intelligent Power Manager (IPM)", "vendor": "Eaton", "versions": [{"lessThan": "1.70", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-11-25T08:34:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system"}], "value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2024-11-25T08:36:19.141Z"}, "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased.<br>"}], "value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased."}], "source": {"discovery": "UNKNOWN"}, "title": "Stored Cross-site Scripting reported in Intelligent Power Manager v1", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T13:57:47.686743Z", "id": "CVE-2021-23282", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T13:57:58.441Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-23282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-25T13:57:47.686743Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T13:57:55.367Z"}}], "cna": {"title": "Stored Cross-site Scripting reported in Intelligent Power Manager v1", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "Intelligent Power Manager (IPM)", "versions": [{"status": "affected", "version": "0", "lessThan": "1.70", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased.", "supportingMedia": [{"type": "text/html", "value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased.<br>", "base64": false}]}], "datePublic": "2024-11-25T08:34:00.000Z", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system", "supportingMedia": [{"type": "text/html", "value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2024-11-25T08:36:19.141Z"}}}, "cveMetadata": {"cveId": "CVE-2021-23282", "state": "PUBLISHED", "dateUpdated": "2024-11-25T13:57:58.441Z", "dateReserved": "2021-01-08T22:01:48.663Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2024-11-25T08:36:19.141Z", "assignerShortName": "Eaton"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system"}, {"lang": "es", "value": "Eaton Intelligent Power Manager (IPM) anterior a la versi\u00f3n 1.70 es vulnerable a ataques de cross-site scripting almacenado. La vulnerabilidad existe debido a una validaci\u00f3n insuficiente de la entrada de ciertos recursos por parte del software IPM. El atacante necesitar\u00eda acceso a la subred local y una interacci\u00f3n con el administrador para comprometer el sistema."}], "id": "CVE-2021-23282", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-11-25T09:15:04.350", "references": [{"source": "[email protected]", "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}

{}