.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: Security bulletin :keywords: WAPT, security, CVE, MITRE, CERT-FR, vulnerability, disclosure ################# Security bulletin ################# .. _CVE-2021-38608: ***************************** WAPT-2021-01 : CVE-2021-38608 ***************************** * Brief: Insecure permission allows a user running as guest to escalate privileges. * Announced: August 13, 2021. * Impact: **High**. * Products: WAPT Enterprise & Community. * Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373 and WAPT Community < 1.8.2.7373. * Description: Insecure permission allows guest OS users to escalate privileges via WAPT Agent. * Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas. * Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.