Vulnerabilities > Eginnovations

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-29594 Improper Preservation of Permissions vulnerability in Eginnovations products
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
local
low complexity
eginnovations CWE-281
7.2
7.2
2020-02-03 CVE-2020-8592 SQL Injection vulnerability in Eginnovations EG Manager 7.1.2
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).
network
low complexity
eginnovations CWE-89
7.5
7.5
2020-02-03 CVE-2020-8591 Improper Authentication vulnerability in Eginnovations EG Manager 7.1.2
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
network
low complexity
eginnovations CWE-287
7.5
7.5