CVE-2022-1400

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-321
View all →

Vulnerability Description

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

Related Vulnerabilities

CVE-2016-4437

CRITICAL
CVSS:9.8(Critical)

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unsp...

CWE-3212016

CVE-2017-14021

CRITICAL
CVSS:9.8(Critical)

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G v...

CWE-3212017

CVE-2018-0040

CRITICAL
CVSS:9.8(Critical)

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized acc...

CWE-3212018

CVE-2019-19750

CRITICAL
CVSS:9.8(Critical)

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.

CWE-3212019

CVE-2019-19752

CRITICAL
CVSS:9.8(Critical)

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as o...

CWE-3212019

CVE-2020-6990

CRITICAL
CVSS:9.8(Critical)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic ...

CWE-3212020