DSA-2023-331: Security Update for Dell EMC AppSync
Summary: Dell EMC AppSync remediation is available for a Dell Embedded Service Enabler vulnerability that could be exploited by a local malicious user to compromise the affected system.
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32458 | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | 7.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|
| Dell EMC AppSync | Versions 4.4.0.0, 4.5.0.0 and 4.6.0.0 including Service Pack releases | See Workaround and Mitigation | AppSync 4.6 Installation and Configuration Guide (dell.com); AppSync 4.5 Installation and Configuration Guide (dell.com); Dell EMC AppSync 4.4 SP1 Installation and Configuration Guide |
To mitigate this vulnerability, the user must verify the following prerequisite:
The installation path or directory targeted for AppSync server installation is empty before performing a fresh install.
Workarounds & Mitigations
| CVE | Workaround |
|---|---|
| CVE-2023-32458 | To mitigate this vulnerability, the user must verify the following prerequisite: the installation path or directory targeted for AppSync server installation is empty before performing a fresh install. AppSync 4.6.0.0 document: AppSync 4.6 Installation and Configuration Guide (dell.com). AppSync 4.5.0.0 document: AppSync 4.5 Installation and Configuration Guide (dell.com). AppSync 4.4.0.0 document: Dell EMC AppSync 4.4 SP1 Installation and Configuration Guide. |
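
The prerequisite above can be checked before the installer is started. The following Python check is an added example, not Dell code; the function name `preinstall_findings` and the command-line usage are assumptions made for illustration. It treats a path that does not exist yet as acceptable and also flags a target that is a symbolic link or a regular file, which goes beyond the advisory's wording.

```python
import os
import sys


def preinstall_findings(target):
    """Return the reasons `target` fails the 'empty before a fresh install'
    prerequisite. An empty list means the check passed."""
    if not os.path.lexists(target):
        return []  # assumption: a path that does not exist yet has no pre-existing content
    if os.path.islink(target):
        return [f"{target} is a symbolic link, not a plain directory"]
    if not os.path.isdir(target):
        return [f"{target} exists but is not a directory"]
    findings = []
    # os.scandir also returns dot-files and entries marked hidden.
    with os.scandir(target) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            if entry.is_symlink():
                kind = "link"
            elif entry.is_dir(follow_symlinks=False):
                kind = "directory"
            else:
                kind = "file"
            findings.append(f"pre-existing {kind}: {entry.path}")
    return findings


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <install-directory>", file=sys.stderr)
        return 2
    findings = preinstall_findings(argv[1])
    for line in findings:
        print(line)
    if findings:
        print("FAIL: target is not empty; do not start the installer")
        return 1
    print("PASS: target is empty")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code lets a deployment script stop before the installer runs; any listed entry should be reviewed and the directory emptied or a different target chosen.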
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-09-27 | Initial Release |
| 2.0 | 2023-10-04 | Updated for enhanced presentation with no changes to content. |
| 3.0 | 2023-12-04 | Updated the Workaround and Mitigation section for more clarity |
| 4.0 | 2024-03-14 | Added details to Workaround and Mitigation section |
Acknowledgements
Dell Technologies would like to thank Gee-netics for reporting this issue.
Article Properties
Article Number: 000218038
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025