Pentasecurity Wapples vulnerabilities
4 known vulnerabilities affecting pentasecurity/wapples.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-35413 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 4.0.54.1, ≤ 6.0.0 | 2022-09-13
CVE-2022-35413 [CRITICAL] CWE-798
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
nvd
CVE-2022-35582 | P3 | HIGH | CVSS 8.8 | v4.0.0, v5.0.0.0, +1 more | 2022-09-13
CVE-2022-35582 [HIGH] CWE-798
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use th
nvd
CVE-2022-31322 | P3 | HIGH | CVSS 7.8 | ≥ 5.0.12.0, < 6.0.r3.4.10 | vv6.0.r3.4.10 | 2022-09-13
CVE-2022-31322 [HIGH] CWE-798
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.
nvd
CVE-2022-31324 | P3 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, < 6.0.r3.4.10 | vv6.0.r3.4.10 | 2022-09-13
CVE-2022-31324 [MEDIUM] CWE-494
An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.
nvd