5 matches found
CVE-2024-52542
Dell AppSync 4.6.0.x is affected by a Symbolic Link (Symlink) Following vulnerability. The root cause is the mismanagement of symlinks that allows a low-privileged, locally connected attacker to tamper information. Impact is limited to information integrity (I: High; A: None; C: None per docs). N...
CVE-2025-36603
Dell AppSync 4.6.0.0 contains an Improper Restriction of XML External Entity Reference vulnerability. A low-privilege attacker with local access could exploit this to cause information disclosure and information tampering. Exploitation details are not provided in the documents. References indicat...
CVE-2025-32744
Dell AppSync 4.6.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability that could allow remote code execution by a high-privilege attacker with remote access. The issue stems from insufficient validation of uploaded files. A security update/ advisory (DSA-2025-277) is avai...
CVE-2026-22768
Dell AppSync, version 4.6.0, contains an Incorrect Permission Assignment for a Critical Resource vulnerability. A low-privileged attacker with local access could exploit this to achieve Elevation of Privileges. CVSS v3.1 indicates Local attack vector, Low attack complexity, Privileges Required: L...
CVE-2026-22767
Dell AppSync 4.6.0 is affected by a UNIX symbolic link (symlink) following vulnerability. A low-privileged local attacker could potentially exploit this to tamper information. Root cause details are not explicitly provided beyond the symlink following descriptor in the sources. Remediation/patch/...