6 matches found
CVE-2022-22553
Dell EMC AppSync versions 3.9–4.3 are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability. An adjacent unauthenticated attacker could brute-force passwords via UI/CLI, potentially leading to account takeover if weak passwords are used. No remediation or fixed ve...
CVE-2022-22551
CVE-2022-22551 affects Dell EMC AppSync (versions 3.9–4.3). The issue arises from using the GET method with sensitive query strings, enabling an adjacent, unauthenticated attacker to hijack a victim’s session. Connected sources confirm the product, vulnerable component (GET handling of sensitive ...
CVE-2022-22552
Dell EMC AppSync versions 3.9–4.3 are affected by a clickjacking vulnerability that could be exploited remotely by an unauthenticated attacker to coerce a user into performing state-changing operations. The CVE is documented across multiple sources (NVD, CNVD, CVE records) with consistent descrip...
CVE-2022-24424
Dell EMC AppSync v3.9–v4.3 contains a path traversal vulnerability in the AppSync server. A remote unauthenticated attacker may exploit this to gain unauthorized read access to files on the server filesystem with the privileges of the running web application. This is the core impact documented by...
CVE-2024-39586
Dell AppSync Server (versions 4.3–4.6) contains an XML External Entity (XXE) vulnerability. An adjacent, high-privilege attacker could potentially leverage improperly filtered XML input to disclose information. The issue is rooted in how external entities are processed, allowing unauthorized read...
CVE-2024-22464
Dell EMC AppSync (versions 4.2.0.0–4.6.0.0) contains a log-based information disclosure vulnerability in AppSync server logs. A high-privilege remote attacker could potentially access exposed credentials from logs, enabling unauthorized access with the compromised account’s privileges. Affected p...