Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)

Veeam has patched a high-severity vulnerability in its Veeam Backup & Replication product. Assigned with CVE-2023-27532, the vulnerability may allow an unauthenticated attacker to execute arbitrary code remotely.     The proof-of-concept (PoC) for this vulnerability is publicly available. Markus Wulftange, a security researcher at CODE WHITE GmbH, has published the PoC. CISA has added … Continue reading “Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)”

eG Manager Remote Code Execution Vulnerability(CVE-2020-8591)

Overview: On January 2020, an Improper Access Control vulnerability had discovered in eG manager. Exploitation leads to Remote Code Execution. Improper Access Control describes failure in AAA (Authentication, Authorization, Accounting) security model. The eG Manager is a central web portal which provides administrators with authenticated access over the web to the performance statistics stored in … Continue reading “eG Manager Remote Code Execution Vulnerability(CVE-2020-8591)”