Wapples Security Vulnerabilities and Issues — Wapples CVE List

Lucene search

PentasecurityWapples

4 matches found

CVE•added 2022/09/13 10:15 p.m.•60 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

9.8CVSS9.3AI score0.91796EPSS

CVE•added 2022/09/13 10:15 p.m.•43 views

CVE-2022-35582

Penta Security Systems Inc WAPPLES 4.0., 5.0.0. , 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documen...

8.8CVSS8.8AI score0.00092EPSS

CVE•added 2022/09/13 10:15 p.m.•37 views

CVE-2022-31324

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

6.5CVSS6.4AI score0.00202EPSS

CVE•added 2022/09/13 10:15 p.m.•33 views

CVE-2022-31322

Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.

7.8CVSS7.7AI score0.00068EPSS