DSA-2025-277: Security Update for Dell AppSync Vulnerabilities

Summary: Dell AppSync remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

Medium

Details

Proprietary Code CVEs

CVE-2025-36603
Description: Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
CVSS Base Score: 4.2
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

CVE-2025-32744
Description: Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
CVSS Base Score: 6.6
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

 


 

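Dell Technologies recommends that all customers consider not only the CVSS base score but also any relevant temporal and environmental scores that may affect the potential severity associated with a particular security vulnerability.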

Affected Products and Remediation

Product: Dell AppSync
Software/Firmware: AppSync
Affected Versions: Versions prior to 4.6.0.4
Remediated Versions: Version 4.6.0.4 or later
Link: https://dl.dell.com/downloads/JD3VM_AppSync-4.6.0.4-(Build-number-4.6.0.4-74)-Software.zip

 


 

Revision History

Revision  Date        Description
1.0       2025-07-15  Initial Release
2.0       2025-07-15  Updated the CVE details

 

Acknowledgements

CVE-2025-36603: Dell would like to thank Ouallaout Noureddine for reporting this issue 

CVE-2025-32744: Dell would like to thank Ahmed Y. Elmogy for reporting this issue 


Affected Products

AppSync

Article Properties
Article Number: 000345331
Article Type: Dell Security Advisory
Last Modified: 15 Jul 2025