CVE-2022-24414

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attac...

Vulnerabilities fixed in Dell EMC CloudLink

Vulnerabilities have been fixed in Dell EMC CloudLink. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution application rights...

Dell EMC CloudLink Buffer Overflow Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions are vulnerable to a buffer overflow vulnerability that could be exploited by a local, low-privilege attack...

Dell EMC CloudLink Arbitrary File Creation Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions contain an arbitrary file creation vulnerability that can be exploited by remote unauthenticated attackers...

Dell EMC CloudLink Input Validation Error Vulnerability (CNVD-2021-92445)

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions are vulnerable to an input validation error that can be exploited by remote, low-privilege attackers to...

Dell EMC CloudLink OS Command Injection Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private and hybrid cloud environments. An OS command injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions. A remote, highly-privileged attacker could exploit this...

Dell EMC CloudLink CSV Formula Injection Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.A CSV formula injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions, which can be exploited by remote, high-privilege attacker...

Dell EMC CloudLink Hardcoded Password Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.A hard-coded password vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions. An attacker could exploit this vulnerability to gain...

CVE-2021-36314

Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system...

CVE-2021-36333

Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash...

CVE-2021-36335

Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server...

CVE-2021-36334

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

CVE-2021-36312

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system...

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVE-2021-36313

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable...

CVE-2021-36312

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system...

CVE-2021-36313

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable...

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVE-2021-36334

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

CVE-2021-36335

Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server...