CVE-2020-6650

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.�eval� in “Update Manager� class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.

Source: CVE-2020-6650