Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
8.8CVSS
8.8AI Score
0.001EPSS
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or...
9.8CVSS
9.3AI Score
0.799EPSS
An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST...
6.5CVSS
6.4AI Score
0.001EPSS
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged...
7.8CVSS
7.7AI Score
0.0004EPSS