Описание
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
Ссылки
- PatchProductThird Party AdvisoryVendor Advisory
- ProductVendor Advisory
- PatchProductThird Party AdvisoryVendor Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.54.1 (включая) до 6.0.0 (включая)
cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.85969
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
EPSS
Процентиль: 99%
0.85969
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-798