CVE Vulnerability

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview Patch Product
https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb Exploit Third Party Advisory
https://www.pentasecurity.com/product/wapples/ Product Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:*
Information

Published : 2022-09-13 10:15

Updated : 2022-10-01 02:28

NVD link : CVE-2022-35413

Mitre link : CVE-2022-35413

Products Affected
No products.
CWE
CWE-798