PT-2022-4179 · Device42 · Device42 Cmdb

Published: 2022-08-12 · Updated: 2022-08-18 · CVE-2022-1400

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00

Description: The issue is caused by a hard-coded cryptographic key in the WebReportsApi.dll of Exago Web Reports, as bundled with the Device42 Asset Management Appliance. A remote attacker who exploits the issue can obtain the encryption key, and with it leak session IDs and elevate privileges.

Recommendations: For Device42 CMDB versions prior to 18.01.00, update to version 18.01.00 or later to resolve the issue. As a temporary workaround, restrict access to WebReportsApi.dll to reduce the risk of exploitation.

Fix

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: BDU:2022-05026, CVE-2022-1400

Affected Products: Device42 Cmdb