Hard-coded Cryptographic Key Vulnerability in Exago Web Reports Allows Session ID Leakage and Privilege Escalation

CVE-2022-1400 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Use of Hard-coded Cryptographic Key vulnerability in WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects Device42 CMDB versions prior to 18.01.00.
