Lucene search
K
DellEmc Appsync

6 matches found

CVE
CVE
added 2022/01/21 8:15 p.m.121 views

CVE-2022-22553

Dell EMC AppSync versions 3.9–4.3 are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability. An adjacent unauthenticated attacker could brute-force passwords via UI/CLI, potentially leading to account takeover if weak passwords are used. No remediation or fixed ve...

9.8CVSS9.4AI score0.01079EPSS
CVE
CVE
added 2022/01/21 8:15 p.m.107 views

CVE-2022-22551

CVE-2022-22551 affects Dell EMC AppSync (versions 3.9–4.3). The issue arises from using the GET method with sensitive query strings, enabling an adjacent, unauthenticated attacker to hijack a victim’s session. Connected sources confirm the product, vulnerable component (GET handling of sensitive ...

8.8CVSS8.5AI score0.00388EPSS
CVE
CVE
added 2022/01/21 8:15 p.m.102 views

CVE-2022-22552

Dell EMC AppSync versions 3.9–4.3 are affected by a clickjacking vulnerability that could be exploited remotely by an unauthenticated attacker to coerce a user into performing state-changing operations. The CVE is documented across multiple sources (NVD, CNVD, CVE records) with consistent descrip...

6.9CVSS6.1AI score0.00689EPSS
CVE
CVE
added 2022/04/21 8:50 p.m.85 views

CVE-2022-24424

Dell EMC AppSync v3.9–v4.3 contains a path traversal vulnerability in the AppSync server. A remote unauthenticated attacker may exploit this to gain unauthorized read access to files on the server filesystem with the privileges of the running web application. This is the core impact documented by...

7.5CVSS7.5AI score0.01575EPSS
CVE
CVE
added 2024/10/09 6:48 a.m.51 views

CVE-2024-39586

Dell AppSync Server (versions 4.3–4.6) contains an XML External Entity (XXE) vulnerability. An adjacent, high-privilege attacker could potentially leverage improperly filtered XML input to disclose information. The issue is rooted in how external entities are processed, allowing unauthorized read...

4.3CVSS6.8AI score0.00209EPSS
CVE
CVE
added 2024/02/08 9:23 a.m.49 views

CVE-2024-22464

Dell EMC AppSync (versions 4.2.0.0–4.6.0.0) contains a log-based information disclosure vulnerability in AppSync server logs. A high-privilege remote attacker could potentially access exposed credentials from logs, enabling unauthorized access with the compromised account’s privileges. Affected p...

6.8CVSS6.2AI score0.00523EPSS