Aggregates CVE and security vulnerability intelligence across all eginnovations-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-29594 | eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | [email protected] | 7.8 | 0.03% | 2022-06-02 | 2024-11-21 |
| CVE-2020-8592 | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | [email protected] | 9.8 | 0.26% | 2020-02-03 | 2024-11-21 |
| CVE-2020-8591 | eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | [email protected] | 9.8 | 0.14% | 2020-02-03 | 2024-11-21 |