Auswirkungen
High
Details
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More information |
RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More information |
RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.
Revisionsverlauf
Revision | Date | Description |
1.0 | 2022-01-19 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Betroffene Produkte
AppSync, AppSync, Product Security Information