Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-1400
HistoryAug 17, 2022 - 12:15 a.m.

CVE-2022-1400

2022-08-1700:15:08
CWE-798
CWE-321
[email protected]
web.nvd.nist.gov
4
vulnerability
hard-coded cryptographic key
webreportsapi.dll
exago web reports
device42 asset management appliance
session ids
privileges
device42 cmdb
security issue

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.3%

JSON

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

Affected configurations

Nvd
Node
device42cmdbRange<18.01.00
VendorProductVersionCPE
device42cmdb*cpe:2.3:a:device42:cmdb:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cve 1
thn 1
prion
prion
Hardcoded credentials
2022-08-17 00:15:00
cvelist
cvelist
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
2022-08-16 23:25:12
cve
cve
CVE-2022-1400
2022-08-17 00:15:08
thn
thn
Critical Flaws Disclosed in Device42 IT Asset Management Software
2022-08-11 09:23:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.3%

JSON
Related for NVD:CVE-2022-1400
prion1cvelist1cve1thn1