5 matches found
CVE-2014-4634
CVE-2014-4634 describes an unquoted Windows search path vulnerability in EMC Replication Manager (pre-5.5.2) and EMC AppSync (pre-2.1.0). The underlying issue is an unquoted service path used by Windows services, enabling a local attacker to abuse a Trojan horse executable whose name starts with ...
CVE-2017-14376
CVE-2017-14376 affects EMC AppSync Server prior to 3.5.0.1. The vulnerability arises from hardcoded database passwords for accounts, specifically the administrative-privilege accounts (e.g., apollosuperuser and apollouser). An attacker with local access to the AppSync PostgreSQL database and know...
CVE-2017-8015
EMC AppSync (pre-3.5) contains an SQL injection in the Apollo REST services. The flaw arises when parsing a user-supplied string to build SQL queries, enabling information disclosure on vulnerable installations. The vulnerability allows remote attackers to disclose sensitive data; authentication ...
CVE-2023-32458
Dell AppSync (Dell EMC AppSync) versions 4.4.0.0–4.6.0.0 (including SPs) contain an improper access control vulnerability in the Embedded Service Enabler. A local attacker could exploit this during installation to achieve privilege escalation. The issue is documented in CVE-2023-32458 with CVSSv3...
CVE-2017-8018
Affected product: EMC AppSync Host Plug-in (Windows) v3.5 and earlier. Vulnerability: Denial of Service (DoS) in the host plug-in that could be exploited by a remote attacker to compromise the affected system. Root cause/impact: DoS as described in CVE-2017-8018; CVSS metrics from NVD indicate...