Lucene search

[email protected]NVD:CVE-2022-35413

HistorySep 13, 2022 - 10:15 p.m.

CVE-2022-35413

2022-09-1322:15:09

CWE-798

[email protected]

web.nvd.nist.gov

wapples

hardcoded account

system configuration

https request

ssl keys

cve-2022-35413

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.619

Percentile

97.9%

JSON

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

Affected configurations

Nvd

Node

pentasecuritywapplesRange4.0.54.1–6.0.0

VendorProductVersionCPE
pentasecuritywapples*cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pentasecurity	wapples	*	cpe:2.3:a:pentasecurity:wapples::::::::

References

azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview

medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb

www.pentasecurity.com/product/wapples/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.619

Percentile

97.9%

JSON

Related for NVD:CVE-2022-35413

prion1 nuclei1 cve1 cvelist1