cvelist/2022/1xxx/CVE-2022-1400.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve-requests@bitdefender.com",
        "DATE_PUBLIC": "2022-08-16T19:00:00.000Z",
        "ID": "CVE-2022-1400",
        "STATE": "PUBLIC",
        "TITLE": "Hardcoded encryption key IV in Exago WebReportsApi.dll"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "CMDB",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "18.01.00"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Device42"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"
        },
        {
            "lang": "eng",
            "value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"
        },
        {
            "lang": "eng",
            "value": "Cristian BUZA - Security Engineer @ Bitdefender"
        },
        {
            "lang": "eng",
            "value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-321 Use of Hard-coded Cryptographic Key"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
                "name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "An update to Device42 CMDB  version 19.01.00 fixes the issue."
        }
    ],
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`{`
			`"CVE_data_meta": {`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`"ASSIGNER": "cve-requests@bitdefender.com",`
			`"DATE_PUBLIC": "2022-08-16T19:00:00.000Z",`
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`"ID": "CVE-2022-1400",`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`"STATE": "PUBLIC",`
			`"TITLE": "Hardcoded encryption key IV in Exago WebReportsApi.dll"`
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`},`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "CMDB",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "18.01.00"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Device42"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-17 00:00:56 +00:00			`"value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`},`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-17 00:00:56 +00:00			`"value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`},`
			`{`
			`"lang": "eng",`
			`"value": "Cristian BUZA - Security Engineer @ Bitdefender"`
			`},`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-17 00:00:56 +00:00			`"value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-17 00:00:56 +00:00			`"value": "Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00."`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 7.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-321 Use of Hard-coded Cryptographic Key"`
			`}`
			`]`
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`}`
			`]`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-08-17 00:00:56 +00:00			`"refsource": "MISC",`
			`"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",`
			`"name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"`
Populating data for CVE-2022-1400 2022-08-16 16:21:15 -07:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "An update to Device42 CMDB version 19.01.00 fixes the issue."`
			`}`
			`],`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2022-04-19 13:01:28 +00:00			`}`
			`}`