Impacto
High
Detalles
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
| CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
| CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs |
More information |
| RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
| CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
| CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
| CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
| CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
| CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
| CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
| CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
| CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
| CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
| Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2022-22551 |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker may potentially exploit this vulnerability, and hijack the victim session. |
8.3 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
| CVE-2022-22552 |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker may potentially exploit this vulnerability to trick the victim into executing state changing operations. |
6.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
| CVE-2022-22553 |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that may be exploited from UI and CLI. An adjacent unauthenticated attacker may potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs |
More information |
| RESTEasy 3.0.10.Final |
CVE-2016-9606 |
https://nvd.nist.gov/vuln/detail/CVE-2016-9606 |
| CVE-2020-1695 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1695 |
| CVE-2020-25724 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25724 |
| CVE-2020-14326 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14326 |
| CVE-2017-7561 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7561 |
| CVE-2016-6346 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6346 |
| CVE-2020-10688 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10688 |
| CVE-2021-20293 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20293 |
| CVE-2020-25633 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25633 |
| CVE-2021-20289 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
| Simple-XML 2.4.1 |
CVE-2017-1000190 |
https://nvd.nist.gov/vuln/detail/CVE-2017-1000190 |
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2022-01-19 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Productos afectados
AppSync, AppSync, Product Security Information