Dell AppSync Server XXE (XML External Entity) 4.3-4.6 Info Disclosure
CVE-2024-39586 Published on October 9, 2024

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2024-39586 has been classified to as a XXE vulnerability or weakness.

Products Associated with CVE-2024-39586

Want to know whenever a new CVE is published for Dell Emc Appsync? stack.watch will email you.

Dell Emc Appsync

Affected Versions

Dell AppSync:

Version 4.3.0.0, <= 4.6.0.0 is affected.

Exploit Probability

EPSS

0.05%

Percentile

15.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.