VYPR
Vendor

Penta Security Systems Inc

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2022-35413CriSep 13, 2022
    risk 0.65cvss 9.8epss 0.12

    WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

  • CVE-2022-35582HigSep 13, 2022
    risk 0.57cvss 8.8epss 0.01

    Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not…

  • CVE-2022-31322HigSep 13, 2022
    risk 0.51cvss 7.8epss 0.00

    Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.

  • CVE-2022-31324MedSep 13, 2022
    risk 0.42cvss 6.5epss 0.00

    An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.