Vulnerabilities > Device42 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-1399 | Argument Injection or Modification vulnerability in Device42 Cmdb An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. | 9.1 |
| 2022-08-17 | CVE-2022-1400 | Use of Hard-coded Credentials vulnerability in Device42 Cmdb Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. | 9.8 |