Security bulletin

WAPT-2021-01 : CVE-2021-38608

  • Brief: Insecure permission allows a user running as guest to escalate privileges.

  • Announced: August 13, 2021.

  • Impact: High.

  • Products: WAPT Enterprise & Community.

  • Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373 and WAPT Community < 1.8.2.7373.

  • Description: Insecure permission allows guest OS users to escalate privileges via WAPT Agent.

  • Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas.

  • Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.