Vulnerabilities > Device42 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-17 | CVE-2022-1401 | Unspecified vulnerability in Device42 Cmdb Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. | 7.5 |
| 2022-08-17 | CVE-2022-1410 | OS Command Injection vulnerability in Device42 Cmdb OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. | 8.8 |
| 2021-09-17 | CVE-2021-41315 | OS Command Injection vulnerability in Device42 Remote Collector The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. | 8.8 |
| 2021-09-17 | CVE-2021-41316 | Argument Injection or Modification vulnerability in Device42 The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. | 8.1 |