Vulnerabilities > Device42
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-17 | CVE-2022-1399 | Argument Injection or Modification vulnerability in Device42 Cmdb: An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. | 9.1 |
2022-08-17 | CVE-2022-1400 | Use of Hard-coded Credentials vulnerability in Device42 Cmdb: Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. | 9.8 |
2022-08-17 | CVE-2022-1401 | Incorrect Authorization vulnerability in Device42 Cmdb: Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. | 7.5 |
2022-08-17 | CVE-2022-1410 | OS Command Injection vulnerability in Device42 Cmdb: OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. | 8.8 |
2021-09-17 | CVE-2021-41315 | OS Command Injection vulnerability in Device42 Remote Collector: The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. | 8.8 |
2021-09-17 | CVE-2021-41316 | Argument Injection or Modification vulnerability in Device42: The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. | 8.1 |