3 matches found
CVE-2022-22553
Dell EMC AppSync versions 3.9–4.3 are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability. An adjacent unauthenticated attacker could brute-force passwords via UI/CLI, potentially leading to account takeover if weak passwords are used. No remediation or fixed ve...
CVE-2022-22551
CVE-2022-22551 affects Dell EMC AppSync (versions 3.9–4.3). The issue arises from using the GET method with sensitive query strings, enabling an adjacent, unauthenticated attacker to hijack a victim’s session. Connected sources confirm the product, vulnerable component (GET handling of sensitive ...
CVE-2022-22552
Dell EMC AppSync versions 3.9–4.3 are affected by a clickjacking vulnerability that could be exploited remotely by an unauthenticated attacker to coerce a user into performing state-changing operations. The CVE is documented across multiple sources (NVD, CNVD, CVE records) with consistent descrip...