CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 08, 2022
Published Date: September 13, 2022
Last Updated: August 03, 2024
Vendor: Penta Security Systems Inc.
Product: WAPPLES
Description: WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score: 91.80% (Percentile: 99.66%) as of 2025-06-13

Exploit Status

Exploited in the Wild: Yes (2025-06-05 00:00:00 UTC) Source

References

https://www.pentasecurity.com/product/wapples/ https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-06-06 12:00:25 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-35413.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

July 08, 2022
CVE Published to Public

September 13, 2022
Detected by Nuclei

April 26, 2025
Added to KEVIntel

June 06, 2025