Impact
High
Details
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More information |
RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More information |
RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Revision History
Revision | Date | Description |
1.0 | 2022-01-19 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide