CVE-2022-1399
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Device42 | CMDB | unspecified < 18.01.00 | affected |
Weaknesses
- CWE-88: CWE-88 Argument Injection or Modification
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.