The vulnerability of the WebReportsApi.dll software for managing the infrastructure of Device42’s data processing center allows a hacker to obtain the encryption key.

The vulnerability of the WebReportsApi.dll software for managing the infrastructure of Device42’s data processing center lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker operating remotely to obtain the encryption key...

CVE-2022-1401 Insufficient validation of provided paths in Exago WrImageResource.axd

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVE-2022-1401

CVE-2022-1401 concerns improper access control in Device42 CMDB prior to 18.01.00. The vulnerability exists in the /Exago/WrImageResource.adx route, enabling an unauthenticated attacker to read sensitive server files with root permissions. Affected: Device42 CMDB versions before 18.01.00. Root ca...

CVE-2022-1410 Remote Code Execution in Device42 ApplianceManager console

OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVE-2022-1410

CVE-2022-1410 is an OS command injection vulnerability in the db_optimize component of the Device42 Asset Management Appliance (Device42 CMDB 18.01.00 and earlier). The root cause is an OS command injection that could allow an authenticated attacker to execute remote code on the appliance, with h...

CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVE-2022-1400

CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...

CVE-2022-1399 Remote code execution in scheduled tasks component

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVE-2022-1399

CVE-2022-1399 is a vulnerability in Device42 CMDB (versions

CVE-2022-1399

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVE-2022-1401

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVE-2022-1410

OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVE-2022-1400

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...

Device42 访问控制错误漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. An access control error vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a vulnerability in the /Exago/WrImageResource.adx...

Device42 信任管理问题漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A security vulnerability in Device42 CMDB version 18.01.00 and earlier, which stems from the use of a hard-coded encryption key vulnerability in WebReportsApi.d...

Device42 参数注入漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A parameter injection vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a Change Secret username field used in the discovery...

Device42 操作系统命令注入漏洞

Device42 is a US-based Device42 company providing the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. Device42 CMDB versions 18.01.00 and earlier have an operating system command injection vulnerability that stems from a vulnerability in the dboptimiz...

PT-2022-4180 · Device42 · Device42 Cmdb

Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions 18.01.00 and prior versions. Description: The issue is related to an Argument Injection or Modification vulnerability in the Discovery component of Device42 CMDB, specifically in the "Change Secret" username field. This...

PT-2022-4179 · Device42 · Device42 Cmdb

Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00 Description: The issue is related to the use of a hard-coded cryptographic key in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance. This allows an attacker...

Critical Flaws Disclosed in Device42 IT Asset Management Software

Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain...