Download of Code Without Integrity Check

CVE-2022-31324

Medium

6.5/10

Summary

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-494 - Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References

Advisory Timeline

Published Sep 13, 2022

Download of Code Without Integrity Check

CVE-2022-31324

Summary

CWE-494 - Download of Code Without Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS