Skip to main content

Eg Manager

3 CVEs product

Monthly

CVE-2022-29594 HIGH POC This Week

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eg Agent Eg Manager Eg Rum Collectors Vm Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8592 CRITICAL POC Act Now

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8591 CRITICAL POC Act Now

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
EPSS 0% CVSS 7.8
HIGH POC This Week

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eg Agent Eg Manager +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eg Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eg Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy