CVE-2022-35413

Critical

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and…

mitre·CWE-798·Published 2022-09-13

CVSS

9.8

EPSS

0.12

KEV

Exploits

cve.orgen

235 chars

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

NVDen

235 chars

NVDes

286 chars

WAPPLES hasta la versión 6.0 tiene una cuenta systemi codificada. Un actor de la amenaza podría utilizar esta cuenta para acceder a la configuración del sistema y a la información confidencial (como las claves SSL) a través de una solicitud HTTPS al URI /webapi/ en el puerto 443 o 5001

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H