Critical Vulnerability Found in Eskom e-Belediye Municipal Management System

CVE: CVE-2023-1114
CVSS v3.1: 9.8
Source: CVE-2023-1114

The Eskom e-Belediye municipal management system was found to have a serious vulnerability that could allow attackers to gather sensitive information without authentication.

The vulnerability, tracked as CVE-2023-1114, has a CVSS v3.1 score of 9.8 out of 10, which places it in the critical severity range. It is a missing authorization issue affecting versions 1.0.0.95 and earlier of the Eskom e-Belediye software.

Without proper authorization checks, attackers could potentially send carefully crafted requests to elicit or “pull” confidential data from the Eskom e-Belediye system. This could include internal documents, user accounts, financial records and other private material.

As the Eskom e-Belediye system is used by municipalities across South Africa to manage services, payments and more, a breach of its data could severely impact government operations and customer privacy.

To protect themselves, administrators of Eskom e-Belediye installations should immediately update to version 1.0.0.100 or later to patch this vulnerability. Users should also monitor their accounts for any suspicious activity and change passwords if needed. Staying on top of software updates is key to reducing cyber risk.
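A version triage for the update step above, as an added example that is not vendor tooling or code from the advisory: it sorts an inventory of installs against the two version thresholds given here, comparing the fields numerically because plain string comparison ranks 1.0.0.100 below 1.0.0.95. The host names, the inventory entries and the way version strings are collected are assumptions.

```python
import re

# Thresholds taken from the advisory text above.
LAST_AFFECTED = (1, 0, 0, 95)   # "versions 1.0.0.95 and earlier"
FIRST_FIXED = (1, 0, 0, 100)    # "update to version 1.0.0.100 or later"

_VERSION_RE = re.compile(r"\s*v?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*")


def parse_version(text):
    """Return the four numeric fields as a tuple, or None if malformed."""
    match = _VERSION_RE.fullmatch(text or "")
    return tuple(int(g) for g in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a remediation status."""
    version = parse_version(text)
    if version is None:
        return "unknown"      # cannot be assessed; verify by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unlisted"         # 1.0.0.96-99: advisory is silent, so update anyway


def triage(inventory):
    """Group (host, version) pairs by status."""
    report = {"affected": [], "unlisted": [], "unknown": [], "fixed": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed inventory; host names and version strings are made up for the example.
SAMPLE_INVENTORY = [
    ("ebld-01.example", "1.0.0.95"),
    ("ebld-02.example", "1.0.0.100"),
    ("ebld-03.example", "1.0.0.9"),
    ("ebld-04.example", "1.0.0.97"),
    ("ebld-05.example", "v1.0.0.102"),
    ("ebld-06.example", "unreported"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```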
