143 matches found
Improper access control
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation...
CVE-2023-32458
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation...
CVE-2023-32458
Dell AppSync (Dell EMC AppSync) versions 4.4.0.0–4.6.0.0 (including SPs) contain an improper access control vulnerability in the Embedded Service Enabler. A local attacker could exploit this during installation to achieve privilege escalation. The issue is documented in CVE-2023-32458 with CVSSv3...
CVE-2023-32458
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation...
Dell EMC AppSync 访问控制错误漏洞
Dell EMC AppSync is a replication data management software from Dell, Inc. It provides a simple self-service, SLA-driven approach to protecting, recovering and cloning critical Microsoft and Oracle applications and VMware environments. An Access Control Error vulnerability exists in Dell EMC...
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services
Amazon Web Services AWS has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perfor...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
Path traversal
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
CVE-2022-24424
Dell EMC AppSync v3.9–v4.3 contains a path traversal vulnerability in the AppSync server. A remote unauthenticated attacker may exploit this to gain unauthorized read access to files on the server filesystem with the privileges of the running web application. This is the core impact documented by...
DELL EMC AppSync Path Traversal Vulnerability
DELL EMC AppSync is a replicated data management software from Dell, Inc. It provides an SLA-driven, simple self-service approach to protecting, recovering and cloning critical Microsoft and Oracle applications and VMware environments. A path traversal vulnerability exists in Dell EMC AppSync,...
DELL EMC AppSync 路径遍历漏洞
DELL EMC AppSync is a replicated data management software from Dell, Inc. It provides an SLA-driven, simple self-service approach to protecting, recovering and cloning critical Microsoft and Oracle applications and VMware environments. A path traversal vulnerability exists in Dell EMC AppSync,...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
Unspecified vulnerability in DELL EMC AppSync (CNVD-2022-06706)
DELL EMC AppSync is a replication data management software from Dell DELL, Inc. A security vulnerability exists in DELL EMC AppSync due to a clickjacking vulnerability in Dell EMC AppSync versions 3.9 through 4.3. An attacker could use this vulnerability to trick victims into performing a state...
DELL EMC AppSync has an unspecified vulnerability
DELL EMC AppSync is a replication data management software from Dell USA Inc. The security vulnerability in DELL EMC AppSync stems from the fact that Dell EMC AppSync versions 3.9 through 4.3 contain an "over-authentication Improper Attempt Limitation" vulnerability, which can be exploited from t...
Unspecified vulnerability in DELL EMC AppSync (CNVD-2022-06705)
DELL EMC AppSync is a replication data management software from Dell USA Inc. A security vulnerability exists in DELL EMC AppSync due to the use of the GET request method with sensitive query strings in DELL EMC AppSync versions 3.9 through 4.3. . An attacker could use this vulnerability to hijac...
CVE-2022-22551
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session...
CVE-2022-22553
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is...
CVE-2022-22552
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...