Headline
CVE-2022-35413: Microsoft Azure Marketplace
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
**
The Logical Web Application Firewall for protecting web applications hosted on Azure
**
With the largest market share in the WAF market of Asia Pacific, WAPPLES’ customers include some of the largest in the finance, public, and commercial sectors.
WAPPLES protects applications from attacks that exploit both known and zero-day vulnerabilities. From Application-layer DoS to SQLi and XSS, WAPPLES is effectively covers all OWASP top 10 risks.
With an intuitive GUI that is easy to learn and use, WAPPLES allows for quick deployment within a few steps. All VMs can be configured and monitored through one central management console. Online customer support is available at all times.
WAPPLES SA v6.0 is extremely versatile, where security policies include a selection of 32 configurable logic-based detection rules, specifically tailored to protect against web attacks. It is deployable in reverse proxy, inline, and high availability modes. Even reports are customizable.
The AI-based COCEP engine allows automatic detection of known and zero-day attacks, resulting in high accuracy and low false-positives.
Fully integrated to Azure, WAPPLES offers a wide range of additional services such as load balancing and data loss prevention, helping users make the most out of their Azure experience.
WAPPLES SA is available in the following languages: English, Korean, Japanese, Russian, and Ukrainian.
Please contact the corresponding region for inquires:
- Korea: [email protected]
- Japan: [email protected]
- Global: [email protected]
Related news
Researcher uncovers RCE and undocumented backdoor risks
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.