CVE-2022-35413
- EPSS 85.97%
- Veröffentlicht 13.09.2022 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:11:07
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
CVE-2022-35582
- EPSS 0.3%
- Veröffentlicht 13.09.2022 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:11:20
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well...
CVE-2022-31322
- EPSS 0.11%
- Veröffentlicht 13.09.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:19
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.
CVE-2022-31324
- EPSS 0.29%
- Veröffentlicht 13.09.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:20
An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.