Vulnerabilities > Device42 > Cmdb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-1401 | Unspecified vulnerability in Device42 Cmdb Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. | 7.5 |
| 2022-08-17 | CVE-2022-1410 | OS Command Injection vulnerability in Device42 Cmdb OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. | 8.8 |