Dell Emc Appsync
By the Year
In 2024 there have been 1 vulnerability in Dell Emc Appsync with an average score of 6.8 out of ten. Emc Appsync did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 6.80 |
2023 | 0 | 0.00 |
2022 | 4 | 8.05 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Emc Appsync vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dell Emc Appsync Security Vulnerabilities
Dell EMC AppSync, versions
CVE-2024-22464
6.8 - Medium
- February 08, 2024
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
Insertion of Sensitive Information into Log File
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server
CVE-2022-24424
7.5 - High
- April 21, 2022
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
Directory traversal
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability
CVE-2022-22553
9.8 - Critical
- January 21, 2022
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.
Improper Restriction of Excessive Authentication Attempts
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync
CVE-2022-22552
6.1 - Medium
- January 21, 2022
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.
Clickjacking
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings
CVE-2022-22551
8.8 - High
- January 21, 2022
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.
Session Fixation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dell Emc Appsync or by Dell? Click the Watch button to subscribe.