WaveMaker < 6.4.6 Security Bypass
High Nessus Plugin ID 60063
SynopsisA web development application hosted on the remote web server has a security bypass vulnerability.
DescriptionAccording to its self-reported version number, the version of WaveMaker installed on the remote host has a security bypass vulnerability. Any projects deployed with WaveMaker Studio before 6.4.6 are affected by this vulnerability. A remote attacker could exploit this by requesting project services using unspecified URLs.
SolutionUpgrade to WaveMaker 6.4.6 or later.
Existing projects should be redeployed by WaveMaker Studio 6.4.6 or later in order to address this issue. If redeployment is not possible, consider the workaround referenced in the WaveMaker 6.4.6 release notes.