Lucene search

MitreCVE-2022-31324

HistorySep 13, 2022 - 10:15 p.m.

CVE-2022-31324

2022-09-1322:15:08

CWE-494

mitre

web.nvd.nist.gov

cve-2022-31324

arbitrary file download

penta security systems

wapples

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

Affected configurations

Nvd

Node

pentasecuritywapplesRange4.0.0–6.0.r3.4.10

pentasecuritywapplesMatchv6.0.r3.4.10-

pentasecuritywapplesMatchv6.0.r3.4.10hotfix1

VendorProductVersionCPE
pentasecuritywapples*cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:*
pentasecuritywapplesv6.0.r3.4.10cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:-:*:*:*:*:*:*
pentasecuritywapplesv6.0.r3.4.10cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:hotfix1:*:*:*:*:*:*

Vendor	Product	Version	CPE
pentasecurity	wapples	*	cpe:2.3:a:pentasecurity:wapples::::::::
pentasecurity	wapples	v6.0.r3.4.10	cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:-::::::
pentasecurity	wapples	v6.0.r3.4.10	cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:hotfix1::::::

References

medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb

www.pentasecurity.com/product/wapples/

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2022-31324