CVE-2022-31324

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

Una vulnerabilidad de descarga de archivos arbitrarios en la función downloadAction() de Penta Security Systems Inc WAPPLES versión v6.0 r3 4.10-hotfix1, permite a atacantes descargar archivos arbitrarios por medio de una petición POST diseñada

*Credits: N/A

CVSS Scores

NISTv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-23 CVE Reserved
2022-09-13 CVE Published
2024-04-05 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-494: Download of Code Without Integrity Check

CAPEC

References (2)

URL	Tag	Source
https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.pentasecurity.com/product/wapples	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pentasecurity Search vendor "Pentasecurity"		Wapples Search vendor "Pentasecurity" for product "Wapples"				>= 4.0.0 < 6.0.r3.4.10 Search vendor "Pentasecurity" for product "Wapples" and version " >= 4.0.0 < 6.0.r3.4.10"		-		Affected
Pentasecurity Search vendor "Pentasecurity"		Wapples Search vendor "Pentasecurity" for product "Wapples"				v6.0.r3.4.10 Search vendor "Pentasecurity" for product "Wapples" and version "v6.0.r3.4.10"		-		Affected
Pentasecurity Search vendor "Pentasecurity"		Wapples Search vendor "Pentasecurity" for product "Wapples"				v6.0.r3.4.10 Search vendor "Pentasecurity" for product "Wapples" and version "v6.0.r3.4.10"		hotfix1		Affected