Nakivo backup flaw still present on some systems months after firm's 'silent patch', researchers claim
Briefly

Recent findings revealed over 200 exposed Nakivo backup and replication instances affected by an arbitrary file read vulnerability. The flaw, discovered by security researchers at watchTowr, could allow attackers to access backups and credentials from the Nakivo management platform. Although the flaw was patched in November 2024, Nakivo failed to publicly acknowledge it or communicate it to all users, raising concerns about security transparency. Many instances remained unpatched, highlighting the need for improved awareness and communication regarding vulnerabilities in software.
Nakivo backup and replication instances were found to be vulnerable to an arbitrary file read flaw, which could allow attackers to steal sensitive data.
The vulnerability, tracked as CVE-2024-48248, was silently patched by Nakivo, leaving many systems still exposed as customers failed to update.
Read at ITPro