Security bulletin¶
WAPT-2021-01 : CVE-2021-38608¶
Brief: Insecure permission allows a user running as guest to escalate privileges.
Announced: August 13, 2021.
Impact: High.
Products: WAPT Enterprise & Community.
Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373 and WAPT Community < 1.8.2.7373.
Description: Insecure permission allows guest OS users to escalate privileges via WAPT Agent.
Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas.
Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.