Lucene search

[email protected]NVD:CVE-2022-31324

HistorySep 13, 2022 - 10:15 p.m.

CVE-2022-31324

2022-09-1322:15:08

CWE-494

[email protected]

web.nvd.nist.gov

arbitrary file download

penta security

wapples

v6.0 r3

4.10-hotfix1

post request

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

Affected configurations

Nvd

Node

pentasecuritywapplesRange4.0.0–6.0.r3.4.10

pentasecuritywapplesMatchv6.0.r3.4.10-

pentasecuritywapplesMatchv6.0.r3.4.10hotfix1

VendorProductVersionCPE
pentasecuritywapples*cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:*
pentasecuritywapplesv6.0.r3.4.10cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:-:*:*:*:*:*:*
pentasecuritywapplesv6.0.r3.4.10cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:hotfix1:*:*:*:*:*:*

Vendor	Product	Version	CPE
pentasecurity	wapples	*	cpe:2.3:a:pentasecurity:wapples::::::::
pentasecurity	wapples	v6.0.r3.4.10	cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:-::::::
pentasecurity	wapples	v6.0.r3.4.10	cpe:2.3:a:pentasecurity:wapples:v6.0.r3.4.10:hotfix1::::::

References

medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb

www.pentasecurity.com/product/wapples/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Related for NVD:CVE-2022-31324

prion1 cvelist1 cve1