3 matches found
CVE-2022-1400
CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Critical Flaws Disclosed in Device42 IT Asset Management Software
Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain...