15 matches found
EUVD-2022-24715
Malicious code in bioql PyPI...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1399
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Hardcoded credentials
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Design/Logic Flaw
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1410 Remote Code Execution in Device42 ApplianceManager console
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1399 Remote code execution in scheduled tasks component
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1399
CVE-2022-1399 is a vulnerability in Device42 CMDB (versions
Device42 操作系统命令注入漏洞
Device42 is a US-based Device42 company providing the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. Device42 CMDB versions 18.01.00 and earlier have an operating system command injection vulnerability that stems from a vulnerability in the dboptimiz...
Device42 信任管理问题漏洞
Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A security vulnerability in Device42 CMDB version 18.01.00 and earlier, which stems from the use of a hard-coded encryption key vulnerability in WebReportsApi.d...
PT-2022-4180 · Device42 · Device42 Cmdb
Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions 18.01.00 and prior versions. Description: The issue is related to an Argument Injection or Modification vulnerability in the Discovery component of Device42 CMDB, specifically in the "Change Secret" username field. This...