Description
A Use of Hard-coded Cryptographic Key vulnerability in WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects Device42 CMDB versions prior to 18.01.00.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/
Scores
CVSS v3
7.1
EPSS
0.0066
EPSS Percentile
46.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-321
CWE-798
Status
published
Products (1)
device42/cmdb
< 18.01.00
Published
Aug 17, 2022
Tracked Since
Feb 18, 2026