12 matches found
EUVD-2022-24716
Malicious code in bioql PyPI...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
Hardcoded credentials
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
The vulnerability of the Device42 data processing infrastructure management software’s /Exago/WrImageResource.axd file allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the dboptimize function in the Device42 data center infrastructure management software applmgr/applmgrsite/views.py is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protect...
CVE-2022-1401 Insufficient validation of provided paths in Exago WrImageResource.axd
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1400
CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...
Device42 Access Control Error Vulnerability
Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. An access control error vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a vulnerability in the /Exago/WrImageResource.adx...
Device42 Trust Management Issue Vulnerability
Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A security vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from the use of a hard-coded encryption key vulnerability in WebReportsApi.d...
PT-2022-4178 · Device42 · Device42 Cmdb
Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00
Description: The issue is related to improper access control in the Device42 Asset Management Appliance, specifically in the /Exago/WrImageResource.adx route. This allows an unauthenticated attacker to...