CVE-2022-1400

Published: Aug 17, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

Affected (1)

Products: Device42: Cmdb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Device42 Cmdb	Before 18.01.00

Related CWEs

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/

Source: cve-requests@bitdefender.com

Third Party Advisory

https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.