What is CVE-2022-35413?

CVE-2022-35413 is a vulnerability in N/a. Published 2022-09-13.

Is CVE-2022-35413 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

EPSS: 0.860 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
youcans896768/APIV_

References

www.pentasecurity.com/product/wapples/ (x_refsource_MISC)
azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.w… (x_refsource_MISC)
medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-35413?: CVE-2022-35413 is a vulnerability in N/a. Published 2022-09-13.
Is CVE-2022-35413 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.